HomeMy WebLinkAbout2022-08-01 Tech Privacy Task Force Post Agenda Packet City of Chula Vista
Technology and Privacy Advisory Task Force
**POST-MEETING AGENDA**
Date:Monday, August 1, 2022
Time:6:00 p.m.
Location:Council Chambers, 276 Fourth Avenue, Chula Vista, CA
Meeting Agenda
Pages
1.CALL TO ORDER
2.ROLL CALL
3.PUBLIC COMMENTS 3
Any individual may address the task force on any matter within the subject area
of the task force that is not on the agenda. Speakers will have a maximum of
three minutes to provide their comments. A maximum of 20 minutes will be
provided for public comment at this time. Speakers will be called in the order in
which their requests to speak are received. If, after 20 minutes, there are still
individuals in the queue to speak, they will be provided an opportunity to speak
after the work session has concluded.
4.BUSINESS ITEMS
4.1 Receive and file meeting summaries 31
Task force members will receive and file the meeting summary from the
July 18 meeting.
5.PRESENTATIONS
5.1 Results of focus groups and community meetings 33
John Nienstedt will provide an executive summary of the results and
findings of the focus groups held in June and July.
Jeremy Ogul, Kyle Alderman, Adrianna Hernandez, Rafal Jankowski,
Mae Case, Dominic LiMandri, Maria Whitehorse, Sophia Rodriguez, and
Art Pacheco will provide summaries of the input and feedback they
received at the community meetings on July 27 and 28.
6.WORK SESSION
6.1 Work session #2 94
Task force members will continue discussion of potential policy
recommendations.
7.ADDITIONAL PUBLIC COMMENTS
Any individual may address the task force on any matter within the subject area
of the task force. Speakers will have a maximum of three minutes to provide
their comments.
8.STAFF COMMENTS
9.TASK FORCE MEMBER COMMENTS
10.ADJOURNMENT
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 2 of 95
1
Jeremy Ogul
From:Jeremy Ogul
Sent:Monday, August 1, 2022 1:14 PM
To:Jeremy Ogul
Subject:FW: Privacy meetings
From: Jorge Marroquin <>
Sent: Sunday, July 31, 2022 1:50 PM
To: Adrianna Hernandez <adhernandez@chulavistaca.gov>
Subject: Privacy meetings
I was unable to attend the meeting due to other commitments but I feel you can't be safe without any type
of surveillance equipment, why are residents buying home protection equipment alarms or cameras. If you have some
problems with privacy stay home but if you have nothing to hide.
Enjoy the extra protection,, this is not big brother this is our elected government protecting all of us. I am a retired MTS
rail (trolley) accident investigator and at present all public agencies require some type of surveillance equipment to
locate and evidence of the 5% of criminals in our communities.
Present, timed out member of the Chula Vista safety commision.from the all new AOL app for Android
Warning:
External
Email
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 3 of 95
1
Jeremy Ogul
From:Stacey Uy
Sent:Monday, August 1, 2022 9:46 AM
To:privacytaskforce@chulavistaca.gov
Subject:Takeaways from 7/27 Public Comment Forum
Dear Privacy Task Force Members,
Thank you for carving out a space for the community to contribute to the conversation on surveillance in Chula Vista. As
a member of Adriana's group, I wanted to make sure highlights from our group were put into the record. We had a great
discussion. We probably disagreed on many things, but we were in consensus over the following points, and especially
for surveillance policies being community-led.
1. Seeking public approval after programs are already underway is TOO LATE. The fact that the drone program and
automated LPRs are already being used without the public's consent and knowledge is a sign that the city of
Chula Vista is failing to protect its citizens' privacy. There needs to be processes in place before technology is
acquired and used.
2. One of our group members, Sergio, spoke of his personal experience of being overly surveilled, to the point
where even his daughter is noticing the drones following them and he's had to file complaints to the DOJ with
no response. Safeguards like the Oversight Board and policy safeguards need to be community-led. That means,
placing the people affected by surveillance the most on the Oversight Board. People like Sergio, Black, Latinx,
undocumented, young people, trans and queer folks should be sought after as experts on how surveillance
affects our everyday lives and how we can protect privacy while keeping each other safe. Requirements for
membership that include bachelor's degrees, clean records, and technology "expertise" are back door attempts
to exclude the people who have first hand experience of being overly surveilled in the city.
3. We all identified issues in Chula Vista that needed attention such as homelessness, drug rehabilitation programs,
and affordable housing. We ALL agreed the return on investment from surveillance technology to supposedly
prevent crime was unacceptable, compared to how that money could have been spent actually helping the
people that need it the most. Providing basic services is where crime prevention happens.
4. According to our poll, no one under the age of 24 was present. The city of Chula Vista needs to be actively
engaging young people in the conversation, as these policies will affect them for the rest of their lives. That can
look like holding youth-specific forums at schools and publicizing meetings on Tik Tok and IG. If you don't know
how to do these things, you should hire (and pay) young people to help you.
As an Asian American, I was also very concerned that the forum audience did not reflect the racial makeup of the city.
With the spotlight on anti-Asian violence, people claim we need surveillance to keep us safe, and I disagree. We are just
as much at risk of being overly-surveilled and over-policed, and we will not be used as a racial wedge to build more
surveillance in the city. Please do a better job of engaging with Black, Latinx, and Asian American communities for these
meetings.
Thank you for your attention on this matter. And I hope to engage more in future meetings.
Sincerely,
Stacey Uy (she/hers)
Warning:
External
Email
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 4 of 95
1
Jeremy Ogul
From:Margaret Baker <mbakerdrph@gmail.com>
Sent:Monday, August 1, 2022 1:20 PM
To:Privacy Task Force
Cc:Sophia Rodriguez
Subject:Community's proposed ordinances
Attachments:Revised Privacy Advisory Commission Ordinance_2022-07-15.pdf; Revised Surveillance and
Community Safety Ordinance_2022-07-15.pdf
Dear Privacy Task Force members,
I am writing to make sure you each have copies of the ATTACHED community’s proposed ordinances, and to
request that these two documents be posted as attachments for tonight’s Task Force meeting so that the general public
can access them.
In addition, I am including the link to our group's PPT presentation that provides a clear outline of some of the major
provisions of these ordinances, specifically, community-led oversight commission, and elements of the Surveillance
Impact Reports and Surveillance Usage Policy. We hope that you will carefully review these provisions during your
deliberations.
As you know, our community groups have worked diligently to research best practices, discuss options with local
community members as well as leaders in cities that have already implemented such ordinances regarding what is
needed and what works to protect our privacy. All agree that a community-led process is essential. We feel the city
needs to establish BOTH a community-led Privacy Advisory Commission and a Usage Ordinance that establishes
processes to codify clear usage policies for each type of surveillance, and to lay out processes for initial and ongoing
review of impact and privacy protections, as well as regular reporting that includes provisions for robust community
review and comment. We encourage you to start with some basic agreements on definitions, a set of guiding principles,
and an outline of components of policy provisions before jumping to votes on details that require more research and
consultation. The definitions and provisions included in the Surveillance and Community Safety Ordinance will help you
to establish a common language.
Finally, I would like to thank you for your time and commitment to this challenging work, and to encourage you to
continue to ask tough questions and to bring in concerns of often-marginalized members of our community about the
need for enforceable, transparent civil rights protections in our city.
Sincerely,
Margaret A. Baker, DrPH
mbakerdrph@gmail.com
619-840-0463
South Bay People Power promotes social justice through nonpartisan civic engagement.
Warning:
External
Email
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 5 of 95
Privacy Advisory Commission Ordinance
(Revised - July 15, 2022)
ORDINANCE NO. _________________
ORDINANCE OF THE CITY OF CHULA VISTA ESTABLISHING
THE CHULA VISTA PRIVACY ADVISORY COMMISSION
PROVIDING FOR THE APPOINTMENT OF MEMBERS
THEREOF, AND DEFINING THE DUTIES AND FUNCTIONS OF
SAID COMMISSION
WHEREAS, the Chula Vista City Council (City Council) finds that the use of surveillance
technology is important to protect public health and safety, but such use must be appropriately
monitored and regulated to protect the privacy and other rights of Chula Vista residents and
visitors, and
WHEREAS the City of Chula Vista (the City) has been building on a detailed Smart City
Strategic Action Plan since 2017 with limited opportunity for community input, oversight or
control; and
WHEREAS Chula Vista seeks to maintain its designation by Welcoming America as a
certified Welcoming City, City Council strives to comply with the criteria in the Welcoming
Standard, in particular, relevant criteria relating to “Safe Communities”, “Equitable Access”, and
“Civic Engagement”; and
WHEREAS, the City Council recognizes the use of open data associated with
surveillance technology offers benefits to the City, but those benefits must also be weighed
against the costs, both fiscal and civil liberties; and
WHEREAS, the City Council recognizes that surveillance technology may be a valuable
tool to support community safety, investigations, and prosecution of crimes, but must be
balanced with the individual’s right to privacy, it also; and
WHEREAS, the City Council recognizes that privacy is not just a personal matter; there
are societal consequences to privacy degradation over time as well as societal benefits with
increased trust and transparency; and
WHEREAS, the City Council finds that surveillance technology includes not just
technology capable of accessing non-public places or information, but also may include
technology that aggregates publicly-available information, which, in the aggregate or when
1
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 6 of 95
pieced together with other information, has the potential to reveal details about a person’s
familial, political, professional, religious, or intimate associations; and
WHEREAS, the City Council recognizes that government surveillance may chill
associational and expressive freedoms; and
WHEREAS, the City Council recognizes that data from surveillance technology can be
used to intimidate and oppress certain groups more than others, including those that are defined
by a common race, ethnicity, religion, national origin, income level, sexual orientation, or political
perspective; and
WHEREAS, the City Council finds that safeguards, including robust transparency,
oversight, and accountability measures, must be in place to protect civil rights and civil liberties
before City surveillance technology is deployed; and
WHEREAS, the City Council finds that decisions regarding if and how the City’s
surveillance technologies should be funded, acquired, or used should include meaningful public
input; and
WHEREAS, on January 18, 2022, City Council unanimously approved creation of a
“Technology and Privacy Advisory Task Force” to draft policy and recommendations to be
presented to the City Council for consideration, and further requested that the City
Administration prepare a “Citywide Technology Oversight Policy”; and
WHEREAS, the said Technology and Privacy Advisory Task Force recommends creation
of a new permanent citizen advisory board known as the “Privacy Advisory Commision” to
advise the Mayor and City Council on transparency, accountability, and public deliberation in the
City’s acquisition and usage of surveillance technology and data; and
WHEREAS, Article VI, Section 600 of the City Charter reserves to the City Council the
authority to create boards and commissions by ordinance, and to prescribe their function,
powers, duties, membership, appointment, terms, qualifications, eligibility, reimbursements for
expenses, if any;
NOW THEREFORE the City Council of the City of Chula Vista does hereby ordain as
follows:
Section I. Establishment
A.Establishment and Appropriations
Pursuant to Article VI of the Charter of the City of Chula Vista, there is hereby created a
Chula Vista Privacy Advisory Commission (hereinafter referred to as the “Privacy Commission”
or “Commission”). Appropriations of funds sufficient for the efficient and proper functioning of
the Privacy Commission shall be included in the annual budget by the City Council.
2
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 7 of 95
B.Purpose and Intent
It is the purpose and intent of the City Council to establish a Privacy Commission to
serve as an advisory body to the Mayor and City Council on policies and issues related to
privacy and surveillance. The Commission will provide advice intended to ensure transparency,
accountability, and public deliberation in the City’s acquisition and use of surveillance
technology.
C.Definitions
For purposes of this ordinance, all words defined in the CVMC Chapter XXXX, known as
the Chula Vista Surveillance and Community Safety Ordinance, have the same meaning herein.
D.Membership
The Privacy Advisory Commission shall consist of nine (9) members, who shall serve
without compensation. At least six (6) members shall be Chula Vista residents. Members shall
be appointed by the City Council.
E.Qualifications of Members
All members of the Privacy Advisory Commission shall be persons who have a
demonstrated interest in privacy rights through work experience, civic participation, and/or
political advocacy.
The City Council shall appoint the nine (9) members from the following representative
areas of organization interest, expertise, and background:
1.At least one attorney or legal scholar with expertise in privacy or civil rights, or a
representative of an organization with expertise in privacy or civil rights;
2.One auditor or certified public accountant;
3.One computer hardware, software, or encryption security professional;
4.One member of an organization that focuses on open government and transparency or
an individual, such as a university researcher, with experience working on open
government and transparency; and
5.At least four (4) members from equity-focused organizations serving or protecting the
rights of communities and groups historically subject to disproportionate surveillance,
including communities of color, immigrant communities, religious minorities, and groups
concerned with privacy and protest.
Member qualifications and eligibility shall be in accordance with Chula Vista Charter
Article VI, Section 602, and CVCM Section 2.25.030. No member shall have a state
law-prohibited financial interest, employment, or policy-making position in any commercial or
for-profit facility, research center, or other organization that sells data products, surveillance
equipment, or otherwise profits from recommendations made by the Privacy Advisory
Commission.
F.Terms
3
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 8 of 95
Pursuant to Article VI, Section 602 of the City Charter, members shall be appointed by
motion of the City Council adopted by at least three affirmative votes. The members thereof
shall serve for a term of four (4) years and until their respective successors are appointed and
confirmed. Members shall be limited to a maximum of two (2) consecutive terms and an interval
of two (2) years must pass before a person who has served two (2) consecutive terms may be
reappointed to the body upon which the member had served.
Initial members shall be appointed in staggered terms by lot. For the initial appointments,
three (3) members shall be appointed to an initial term that will expire on June 30, 2023, and
two (2) members shall be appointed to an initial term that will expire on June 30 of each
subsequent year. Initial appointments to a term of two years or less shall not have the initial
term count for purposes of the eight-year term limit.
G.Rules
The Commission shall hold regular meetings as required by ordinance of the City
Council, and such special meetings as such commissions may require. All proceedings shall be
open to the public.
At the first regular meeting, and subsequently at the first regular meeting of each year
following the first day of July of every year, members of the Privacy Advisory Commission shall
select a chairperson and a vice chairperson.
The Commission shall adopt rules for the government of its business and procedures in
compliance with the law. The Commission rules shall provide that a quorum of the Privacy
Advisory Commission is five people.
Pursuant to Article VI, Section 603 of the City Charter, the Commission shall have the
same power as the City Council to compel the attendance of witnesses, to examine them under
oath and to compel the production of evidence before it.
Section II. Privacy Advisory Commission: Duties and
Functions
A.Duties and Functions
The Privacy Advisory Commission shall:
1.Provide advice and technical assistance to the City on best practices to protect resident
and visitor privacy rights in connection with the City’s acquisition and use of surveillance
technology.
2.Conduct meetings and use other public forums to collect and receive public input on the
above subject matter.
3.Review Surveillance Impact Reports and Surveillance Use Policies for all existing and
new surveillance technology and make recommendations prior to the City seeking
solicitation of funds and proposals for surveillance technology.
4.Submit annual reports and recommendations to the City Council regarding:
4
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 9 of 95
a.The City’s use of surveillance technology; and
b.Whether new City surveillance technology privacy and data retention policies
should be developed, or existing policies should be amended.
c.Provide analysis to the City Council of pending federal, state, and local legislation
relevant to the City’s purchase and/or use of surveillance technology.
d.The Privacy Advisory Commission shall make reports, findings, and
recommendations either to the City Manager or the City Council, as appropriate.
The Commission shall present an annual written report to the City Council. The
Commission may submit recommendations to the City Council following
submission to the City Manager.
B.Meetings and Voting
The Commission shall meet at an established regular interval, day of the week, time, and
location suitable for its purpose. Such meetings shall be designated regular meetings. Other
meetings scheduled for a time or place other than the regular day, time and location shall be
designated special meetings. Written notice of special meetings shall be provided to the
Commission members, and all meetings of the Commission shall comport with any City or State
open meetings laws, policies, or obligations.
The Commission shall, in consultation with the City Manager, establish bylaws, rules and
procedures for the conduct of its business by a majority vote of the members present. Voting
shall be required for the adoption of any motion or resolution. Any action by the Commission
shall be approved by a majority of members present, provided a quorum exists.
C.Staff
Staff assistance may be provided to the Board as determined by the City Manager,
pursuant to his or her authority under the Charter to administer all affairs of the City under his or
her jurisdiction.
Section III. Severability
If any portion of this Ordinance, or its application to any person or circumstance, is for
any reason held to be invalid, unenforceable or unconstitutional, by a court of competent
jurisdiction, that portion shall be deemed severable, and such invalidity, unenforceability or
unconstitutionality shall not affect the validity or enforceability of the remaining portions of the
Ordinance, or its application to any other person or circumstance. The City Council of the City of
Chula Vista hereby declares that it would have adopted each section, sentence, clause or
phrase of this Ordinance, irrespective of the fact that any one or more other sections,
sentences, clauses or phrases of the Ordinance be declared invalid, unenforceable or
unconstitutional.
5
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 10 of 95
Section IV. Construction
The City Council of the City of Chula Vista intends this Ordinance to supplement, not to
duplicate or contradict, applicable state and federal law and this Ordinance shall be construed in
light of that intent.
Section V. Effective Date
This Ordinance shall take effect and be in force on the thirtieth day after its final
passage.
Section VI. Publication
The City Clerk shall certify to the passage and adoption of this Ordinance and shall
cause the same to be published or posted according to law.
Presented by:Approved as to form by
________________________________________________________
Maria Kachadoorian Glen R. Googins
City Manager City Attorney
6
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 11 of 95
Surveillance & Community Safety Ordinance
(Revised - July 15, 2022)
ORDINANCE ADDING CHAPTER XXXX TO THE CHULA VISTA
MUNICIPAL CODE ESTABLISHING RULES FOR THE CITY’S
ACQUISITION AND USE OF SURVEILLANCE TECHNOLOGY
WHEREAS, the City of Chula Vista (“City”) takes great public pride in its status as a
Welcoming City and as a Smart City; and
WHEREAS, smart public safety decisions and the protection of all community members
require that municipalities ensure public debate and community involvement in decisions about
whether to acquire or use surveillance technology; moreover, that real public safety requires that
residents have a voice in these decisions; and
WHEREAS, across the U.S. cities that have adhered to a “privacy bill of rights” approach
are able to win public support in implementing the technology with proper safeguards in place to
build trust. Alternatively, cities that implement new technology in secrecy, without oversight,
without policy, and without broad and inclusive public input have found themselves facing
scrutiny, lawsuits, and voter referendums to ban certain technologies.
WHEREAS, the City Council finds it is essential to have an informed public debate as
early as possible about decisions related to the City’s acquisition and use of surveillance
technology; and
WHEREAS, the City Council finds that, while the use of surveillance technology may
threaten the privacy of all citizens, throughout history, surveillance efforts have been used to
intimidate and oppress certain communities and groups more than others, including those that
are defined by a common race, ethnicity, religion, national origin, income level, sexual
orientation or political perspective; and
WHEREAS, while acknowledging the significance of protecting the privacy of citizens,
the City Council finds that surveillance technology may also be a valuable tool to bolster
community safety and aid in the investigation and prosecution of crimes; and
WHEREAS, the City Council finds that surveillance technology includes not just
technology capable of accessing non-public places or information (such as wiretaps) but also
may include technology which aggregates publicly available information, because such
information, in the aggregate or when pieced together with other information, has the potential
to reveal a wealth of detail about a person’s familial, political, professional, religious, or sexual
associations; and
1
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 12 of 95
WHEREAS, the City Council finds that no decisions relating to the City’s use of
surveillance technology should occur without strong consideration being given to the impact
such technologies may have on civil rights and civil liberties, including those rights guaranteed
by the California and United States Constitutions; and
WHEREAS, the City Council finds that any and all decisions regarding if and how the
City’s surveillance technologies should be funded, acquired, or used should include meaningful
public input and that public opinion should be given significant weight in policy decisions; and
WHEREAS, the City Council finds that legally enforceable safeguards, including robust
transparency, oversight, and accountability measures, must be in place to protect civil rights and
civil liberties before any City surveillance technology is deployed; and
WHEREAS, the City Council finds that if a surveillance technology is approved, data
reporting measures must be adopted that empower the City Council and public to verify that
mandated civil rights and civil liberties safeguards have been strictly adhered to.
NOW, THEREFORE, the City Council of the City of Chula Vista does ordain as follows:
Section I. Establishment
A.This Ordinance shall be known as the Surveillance and Community Safety Ordinance.
B.Chula Vista Municipal Code Chapter XXXX,is hereby added as set forth below:
Chapter XXXX. REGULATIONS ON CITY’S ACQUISITION AND USE OF SURVEILLANCE
TECHNOLOGY
C.Definitions
1.“Annual Surveillance Report” means a written report concerning a specific surveillance
technology that includes all the following:
a.A description of how the surveillance technology was used, including the type
and quantity of data gathered or analyzed by the technology;
b.Whether and how often data acquired through the use of the surveillance
technology was shared with internal or external entities, the name of any
recipient entity, the type(s) of data disclosed, under what legal standard(s) the
information was disclosed, and the justification for the disclosure(s) except that
no confidential or sensitive information should be disclosed that would violate
any applicable law or would undermine the legitimate security interests of the
City;
c.Where applicable, a description of the physical objects to which the surveillance
technology hardware was installed without revealing the specific location of such
2
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 13 of 95
hardware; for surveillance technology software, a breakdown of what data
sources the surveillance technology was applied to;
d.Where applicable, a description of where the surveillance technology was
deployed geographically, by each Police Area in the relevant year;
e.A summary of community complaints or concerns about the surveillance
technology, and an analysis of its Surveillance Use Policy and whether it is
adequate in protecting civil rights and civil liberties. The analysis shall consider
whether, and to what extent, the use of the surveillance technology
disproportionately impacts certain groups or individuals;
f.The results of any internal audits or investigations relating to surveillance
technology, any information about violations or potential violations of the
Surveillance Use Policy, and any actions taken in response.To the extent that the
public release of such information is prohibited by law, City staff shall provide a
confidential report to the City Council regarding this information to the extent
allowed by law;
g.Information about any data breaches or other unauthorized access to the data
collected by the surveillance technology, including information about the scope
of the breach and the actions taken in response, except that no confidential or
sensitive information should be disclosed that would violate any applicable law
or would undermine the legitimate security interests of the City;
h.A general description of all methodologies used to detect incidents of data
breaches or unauthorized access, except that no confidential or sensitive
information should be disclosed that would violate any applicable law or would
undermine the legitimate security interests of the City;
I.Information, including crime statistics, that helps the community assess whether
the surveillance technology has been effective at achieving its identified
purposes;
i.Statistics and information about Public Records Act requests regarding the
relevant subject surveillance technology, including response rates, such as the
number of Public Records Act requests on such surveillance technology and the
open and close date for each of these Public Records Act requests;
j.Total annual costs for the surveillance technology,including personnel and other
ongoing costs, and what source of funding will fund the surveillance technology
in the coming year; and
k.Any requested modifications to the Surveillance Use Policy and a detailed basis
for the request.
3
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 14 of 95
2.“City” means any department, unit, program, and/or subordinate division of the City of
Chula Vista as provided by Chapter XXXX of the Chula Vista Municipal Code.
3.“City staff” means City personnel authorized by the City Manager or appropriate City
department head to seek City Council Approval of Surveillance Technology in
conformance with this Chapter.
4.“Community meeting” means a publicly held meeting that is accessible, noticed at least
seventy-two hours in advance in at least two languages, for the purpose of educating
communities, answering questions, and learning about potential impacts of surveillance
technology on disadvantaged groups.
5.“Continuing agreement” means a written agreement that automatically renews unless
terminated by one or more parties.
6.“Exigent circumstances” means a City department’s good faith belief that an emergency
involving imminent danger of death or serious physical injury to any individual requires
the use of surveillance technology that has not received prior approval by City Council.
7.“Facial recognition technology” means an automated or semi-automated process that
assists in identifying or verifying an individual based on an individual’s face.
8.“Individual” means a natural person.
9.“Personal communication device” means a mobile telephone, a personal digital
assistant, a wireless capable tablet and a similar wireless two-way communications
and/or portable internet-accessing device, whether procured or subsidized by a City
entity or personally owned, that is used in the regular course of City business.
10.“Police area” refers to each of the geographic districts assigned to a Chula Vista Police
Department captain or commander and as such districts are amended from time to time.
11.“Surveillance” (or “spying”) means to observe or analyze the movements, behavior, data,
or actions of individuals. Individuals include those whose identity can be revealed by
data or combinations of data, such as license plate data, images, IP addresses, user
identifications, unique digital identifiers, or data traces left by the individual.
12.“Surveillance technology” means any software (e.g., scripts, code, Application
Programming Interfaces), electronic device, or system utilizing an electronic device
used, designed, or primarily intended to observe, collect, retain, analyze, process, or
share audio, electronic, visual, location, thermal, olfactory, biometric, or similar
information specifically associated with, or capable of being associated with, any
individual or group. It also includes the product (e.g., audiovisual recording, data,
analysis, report) of such surveillance technology. Examples of surveillance technology
include, but are not limited to the following: cell site simulators (Stingrays); automated
license plate readers; gunshot detectors (ShotSpotter); drone-mounted data collection;
4
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 15 of 95
facial recognition software; thermal imaging systems; body-worn cameras; social media
analytics software; gait analysis software; video cameras that can record audio or video
and transmit or be remotely accessed. It also includes software designed to monitor
social media services or forecast and/or predict criminal activity or criminality, and
biometric identification hardware or software.
“Surveillance technology” does not include devices, software, or hardware, unless they
have been equipped with, or are modified to become or include, a surveillance
technology beyond what is set forth below or used beyond a purpose as set forth below:
a.Routine office hardware, such as televisions,computers, credit card machines,
badge readers, copy machines, and printers, that is in widespread use and will
not be used for any public surveillance or law enforcement functions related to
the public;
b.Parking Ticket Devices (PTDs) used solely for parking enforcement-related
purposes, including any sensors embedded in parking sensors to detect the
presence of a car in the space;
c.Manually-operated, non-wearable, handheld digital cameras, audio recorders,
and video recorders that are not designed to be used surreptitiously and whose
functionality is limited to manually-capturing and manually-downloading video
and/or audio recordings;
d.Surveillance devices that cannot record or transmit audio or video or be remotely
accessed, such as image stabilizing binoculars or night vision goggles;
e.Manually-operated technological devices used primarily for internal municipal
entity communications and are not designed to surreptitiously collect surveillance
data, such as radios and email systems;
f.City databases that do not contain any data or other information collected,
captured, recorded, retained, processed, intercepted, or analyzed by surveillance
technology, including payroll, accounting, or other fiscal databases;
g.Medical equipment used to diagnose, treat, or prevent disease or injury, provided
that any information obtained from this equipment is used solely for medical
purposes;
h.Police department interview room cameras;
i.City department case management systems;
j.Personal Communication Devices that have not been modified beyond stock
manufacturer capabilities in a manner described above;
5
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 16 of 95
k.Surveillance technology used by the City solely to monitor and conduct internal
investigations involving City employees, contractors, and volunteers; and,
l.Systems, software, databases, and data sources used for revenue collection on
behalf of the City by the City Treasurer, provided that no information from these
sources is shared by the City Treasurer with any other City department or
third-party except as part of efforts to collect revenue that is owed to the City.
14. “Surveillance Impact Report” means a publicly-posted written report including, at a
minimum, the following:
a.Description: Information describing the surveillance technology and how it
works, including product descriptions from manufacturers;
b.Purpose: Information on the proposed purposes(s) for the surveillance
technology;
c.Location: The physical or virtual location(s)it may be deployed, using general
descriptive terms, and crime statistics for any location(s);
d.Impact: An assessment of the Surveillance Use Policy for the particular
technology and whether it is adequate in protecting civil rights and liberties
and whether the surveillance technology was used or deployed, intentionally
or inadvertently, in a manner that may disproportionately affect marginalized
communities;
e.Mitigations: Identify specific, affirmative technical and procedural measures
that will be implemented to safeguard the public from each identified impact;
f.Data Types and Sources: A list of all types and sources of data to be
collected, analyzed, or processed by the surveillance technology, including
open source data, scores, reports, logic or algorithm used, and any additional
information derived therefrom;
g.Data Security: Information about the controls that will be designed and
implemented to ensure that adequate security objectives are achieved to
safeguard the data collected or generated by the surveillance technology
from unauthorized access or disclosure;
h.Fiscal Costs and Sources: The forecasted, prior, and ongoing fiscal costs for
the surveillance technology, including initial purchase, personnel, and other
ongoing costs, and any past, current or potential sources of funding;
6
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 17 of 95
i.Third-Party Dependence: Whether use or maintenance of the surveillance
technology will require data gathered by the surveillance technology to be
handled or stored by a third-party vendor at any time;
j.Alternatives: A summary of all alternative methods (whether involving the use
of a new technology or not) considered before deciding to use the proposed
surveillance technology, including the costs and benefits associated with each
alternative and an explanation of the reasons why each alternative is
inadequate;
k.Track Record: A summary of the experience (if any) other entities, especially
government entities, have had with the proposed technology, including, if
available, quantitative information about the effectiveness of the proposed
surveillance technology in achieving its stated purpose in other jurisdictions,
and any known adverse information about the surveillance technology such
as unanticipated costs, failures, or civil rights and civil liberties abuses,
existing publicly reported controversies, and any court rulings in favor or in
opposition to the surveillance; and
l.Public engagement and comments: A description of any community
engagement held and any future community engagement plans, number of
attendees, a compilation of all comments received and City departmental
responses given, and City departmental conclusions about potential
neighborhood impacts and how such impacts may differ as it pertains to
different segments of the community that may result from the acquisition of
surveillance technology.
15. "Surveillance Use Policy" means a publicly-released and legally-enforceable policy
for use of the surveillance technology that at a minimum specifies the following:
a.Purpose: The specific purpose(s) that the surveillance technology is intended
to advance;
b.Use: The specific uses that are authorized, and the rules and processes
required prior to such use;
c.Data Collection: The information that can be collected, captured, recorded,
intercepted, or retained by the surveillance technology, as well as data that
might be inadvertently collected during the authorized uses of the
surveillance technology and what measures will be taken to minimize and
delete such data. Where applicable, any data sources the surveillance
technology will rely upon, including open source data, should be listed;
7
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 18 of 95
d.Data Access: The job classification of individuals who can access or use the
collected information, and the rules and processes required prior to access or
use of the information;
e.Data Protection: The safeguards that protect information from unauthorized
access, including logging, encryption, and access control mechanisms;
f.Data Retention: The time period, if any, for which information collected by the
surveillance technology will be routinely retained, the reason such retention
period is appropriate to further the purpose(s), the process by which the
information is regularly deleted after that period lapses, and the specific
conditions that must be met to retain information beyond that period;
g.Public Access: A description of how collected information can be accessed or
used by members of the public, including criminal defendants;
h.Third Party Data Sharing: If and how information obtained from the
surveillance technology can be used or accessed, including any required
justification or legal standard necessary to do so and any obligations imposed
on the recipient of the information;
i.Training: The training required for any individual authorized to use the
surveillance technology or to access information collected by the surveillance
technology;
j.Auditing and Oversight: The procedures used to ensure that the Surveillance
Use Policy is followed, including internal personnel assigned to ensure
compliance with the policy, internal recordkeeping of the use of the
surveillance technology or access to information collected by the surveillance
technology, technical measures to monitor for misuse, any independent
person or entity with oversight authority, and the legally enforceable sanctions
for violations of the policy; and
k.Maintenance: The procedures used to ensure that the security and integrity of
the surveillance technology and collected information will be maintained.
Section II. Privacy Advisory Commission
(“Commission”) Notification and Review Requirements
A.Commission Notification Required Prior to City Solicitation of Funds and Proposals for
Surveillance Technology.
1. City staff shall notify the Chair of the Commission by written memorandum along with
providing a Surveillance Use Policy and a Surveillance Impact Report prior to:
8
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 19 of 95
a.Seeking or soliciting funds for surveillance technology, including but not limited to
applying for a grant;
b.Soliciting proposals with any entity to acquire, share or otherwise use
surveillance technology including the information it provides; or
c. Formally or informally facilitating in a meaningful way or implementing surveillance
technology in collaboration with other entities, including City ones.
2. Upon notification by City staff, the Chair of the Commission shall place the item on the
agenda at the next Commission meeting for discussion and possible action. At this
meeting, City staff shall present the Commission with evidence of the need for the funds
or equipment, or shall otherwise justify the action City staff will seek Council approval for
pursuant to Section III.
3. The Commission may make a recommendation to the City Council by voting for
approval to proceed, by objecting to the proposal, by recommending that the City staff
modify the proposal, or by taking no action.
4. If the Commission votes to approve, object, or modify the proposal, City staff may
proceed and seek City Council approval of the proposed surveillance technology
initiative pursuant to the requirements of Section III. City staff shall present to City
Council the result of the Commission’s review, including any objections to the proposal.
5. If the Commission does not make its recommendation on the item within 90 calendar
days of notification to the Commission Chair, City staff may proceed and seek City
Council approval of the proposed Surveillance Technology initiative pursuant to the
requirements of Section II.
B.Commission Review and Approval Required for New Surveillance Technology Before City
Council Approval
1. Prior to seeking City Council approval under Section III, City staff shall submit a
Surveillance Impact Report and a Surveillance Use Policy for the proposed new
surveillance technology initiative to the Commission for its review at a publicly noticed
meeting. The Surveillance Impact Report and Surveillance Use Policy must address the
specific subject matter specified for each document as set forth in Section I.
2. The Commission shall approve, modify, or reject the proposed Surveillance Use
Policy. If the Commission proposes that the Surveillance Use Policy be modified, the
Commission shall propose such modifications to City staff. City staff shall present such
modifications to the Commission for approval before seeking City Council approval
under Section III.
3. Prior to submitting the Surveillance Impact Report, City staff shall complete one or
more community meetings in each City Council district where the proposed surveillance
9
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 20 of 95
technology is deployed, with opportunity for public comment and written response. The
City Council may condition its approval of the proposed surveillance technology on City
staff conducting additional community engagement before approval, or after approval as
a condition of approval.
4. The Commission shall recommend that the City Council adopt, modify, or reject the
proposed Surveillance Use Policy. If the Commission proposes that the Surveillance Use
Policy be modified, the Commission shall propose such modifications to City staff. City
staff shall present such modifications to City Council when seeking City Council approval
under Section III.
5. If the Commission does not make its recommendation on a presented item within 90
days of notification to the Commission Chair pursuant to Section II, City staff may seek
City Council approval of the item.
6. City staff seeking City Council approval shall schedule for City Council consideration
and approval of the proposed Surveillance Use Policy, and include Commission
recommendations, at least fifteen (15) days prior to a mandatory, properly noticed,
germane public hearing. Approval may only occur at a public hearing.
C.Commission Review Requirements for Existing Surveillance Technology Before Seeking City
Council Approval
1. Prior to seeking City Council approval for existing City surveillance technology used
by the City under Section III, City staff shall submit a Surveillance Impact Report and
Surveillance Use Policy for each existing surveillance technology to the Commission for
its review, and for the public’s review, at least fifteen (15) days prior to a publicly noticed
meeting, so the public can prepare for and participate in the Commission meetings. The
Surveillance Impact Report and Surveillance Use Policy shall address the specific
subject matters set forth for each document in Section I.
2. Prior to submitting the Surveillance Impact Report, City staff shall complete one or
more community meetings in each City Council district where the proposed surveillance
technology is deployed with opportunity for public comment and written response. The
City Council may condition its approval on City staff conducting additional outreach
before approval, or after approval as a condition of approval.
3. Prior to submitting the Surveillance Impact Report and proposed Surveillance Use
Policy as described above, City staff shall present to the Commission, and for public
review, a list of all surveillance technology possessed and/or used by the City.
4. The Commission shall rank the surveillance technology items in order of potential
impact to civil liberties to provide a recommended sequence for items to be heard at
Commission meetings. The Commission shall take into consideration input from City
10
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 21 of 95
staff on the operational importance of the surveillance technology in determining the
ranking to allow such matters to be heard in a timely manner.
5. Within sixty (60) days of the Commission’s action in Section II(C)(4), and continuing
every month thereafter until a Surveillance Impact Report and a Surveillance Use Policy
have been submitted for each item of the list, City staff shall submit at least one (1)
Surveillance Impact Report and one (1) proposed Surveillance Use Policy per month to
the Commission for review, generally beginning with the highest ranking surveillance
technology items as determined by the Commission.
6. If the Commission does not make its recommendation on any item within 90 days of
submission to the Commission Chair, City staff may proceed to the City Council for
approval of the item pursuant to Section III.
Section III. City Council Approval Requirements for New
and Existing Surveillance Technology
A. City staff shall obtain City Council approval prior to any of the following:
1. Accepting local, state, or federal funds, or in-kind or other donations for surveillance
technology;
x2. Acquiring new surveillance technology, including but not limited to procuring such
technology without the exchange of monies or consideration;
3. Using existing surveillance technology, or using new surveillance technology, including
the information the surveillance technology provides, for a purpose, in a manner, or in a
location not previously approved by the City Council pursuant to the requirements of this
ordinance; or
4. Entering into a continuing agreement or written agreement with to acquire, share or
otherwise use surveillance technology or the information it provides, including
data-sharing agreements.
5. Notwithstanding any other provision of this section, nothing herein shall be construed
to prevent, restrict or interfere with any person providing evidence or information derived
from surveillance technology to a law enforcement agency for the purposes of
conducting a criminal investigation or the law enforcement agency from receiving such
evidence or information.
B.City Council Approval Process
1. After the Commission notification and review requirements in Section II have been
met, City staff seeking City Council approval shall schedule a date for City Council
consideration of the proposed Surveillance Impact Report and proposed Surveillance
11
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 22 of 95
Use Policy, and include Commission recommendations, at least fifteen (15) days prior to
a mandatory, properly-noticed, germane public hearing. Approval may only occur at a
public hearing.
2. The City Council shall only approve any action as provided in this Chapter after first
considering the recommendation of the Commission, and subsequently making a
determination that the benefits to the community of the surveillance technology outweigh
the costs; that the proposal will safeguard civil liberties and civil rights; and that, in the
City Council’s judgment, no alternative with a lesser economic cost or impact on civil
rights or civil liberties would be as effective.
3. For Approval of existing surveillance technology for which the Commission does not
make its recommendation within ninety (90) days of review as provided for in Section II:
if the City Council has not reviewed and approved such item within four (4) City Council
meetings from when the item was initially scheduled for City Council consideration, the
City shall cease its use of the surveillance technology until such review and approval
occurs.
C.Surveillance Impact Reports and Surveillance Use Policies as Public Records
1.Unless otherwise provided in this Ordinance, Surveillance Impact Reports and
Surveillance Use Policies are public records.
2.City staff shall make all Surveillance Impact Reports and Surveillance Use Policies, as
updated from time to time, available to the public as long as the City uses the
surveillance technology in accordance with its request pursuant to Section II.
3.City staff shall post all Surveillance Impact Reports and Surveillance Use Policies to the
City’s website with an indication of its current approval status and the planned City
Council date for action.
Section IV.Use of Unapproved Surveillance Technology
during Exigent Circumstances
A. City staff may temporarily acquire or use surveillance technology and the data derived from
that use in a manner not expressly allowed by a Surveillance Use Policy only in a situation
involving exigent circumstances.
B. If City staff acquires or uses a surveillance technology in a situation involving exigent
circumstances, City staff shall:
1.Immediately report in writing the use of the surveillance technology and its justifications
to the City Council and the Commission;
2.Use the surveillance technology solely to respond to the exigent circumstances;
3.Cease using the surveillance technology when the exigent circumstances end;
12
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 23 of 95
4.Only keep and maintain data related to the exigent circumstances and dispose of any
data that is not relevant to an ongoing investigation or the exigent circumstances; and
5.Following the end of the exigent circumstances, report the temporary acquisition or use
of the surveillance technology for exigent circumstances to the Commission in
accordance with Section II of this ordinance at its next meeting for discussion and
possible recommendation to the City Council.
C. Any surveillance technology acquired in accordance with exigent circumstances shall be
returned within thirty (30) calendar days following when the exigent circumstances end, unless
City staff initiates the process set forth for the use of the surveillance technology by submitting a
Surveillance Use Policy and Surveillance Impact Report for Commission review within this
30-day time period. If City staff is unable to meet the 30-day deadline, City staff shall notify the
City Council, who may grant an extension. In the event that City staff complies with the 30-day
deadline or the deadline as may be extended by the City Council, City staff may retain
possession of the surveillance technology, but may only use such surveillance technology
consistent with the requirements of this Ordinance.
Section V. Oversight Following City Council Approval
A.Annual Surveillance Report
1. For each approved surveillance technology item, City staff shall present a written
Annual Surveillance Report for the Commission to review within one year after the date
of City Council final passage of such surveillance technology and annually thereafter as
long as the surveillance technology is used.
2. If City staff is unable to meet the annual deadline, City staff shall notify the
Commission in writing of staff’s request to extend this period, and the reasons for that
request. The Commission may grant a single extension of up to sixty (60) calendar days
to comply with this provision.
3. After review of the Annual Surveillance Report by the Commission, City staff shall
submit the Report to the City Council.
4. The Commission shall recommend to the City Council: (a) that the benefits to the
community of the surveillance technology in question outweigh the costs and that civil
liberties and civil rights are safeguarded; (b) that use of the surveillance technology
cease; or (c) propose modifications to the corresponding Surveillance Use Policy that will
resolve any identified concerns.
5. If the Commission does not make its recommendation on the item within 90 calendar
days of submission of the Annual Surveillance Report to the Commission Chair, City staff
may proceed to the City Council for approval of the Annual Surveillance Report.
B.Summary Of All Requests And Recommendations And City Council Determination
13
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 24 of 95
1. In addition to the above submission of any Annual Surveillance Report, City staff shall
provide in its report to the City Council a summary of all requests for City Council
approval pursuant to Section III for that particular surveillance technology and the
pertinent Commission recommendation, including whether the City Council approved or
rejected the proposal and/or required changes to a proposed Surveillance Use Policy
before approval.
2. Based upon information provided in the Annual Surveillance Report and after
considering the recommendation of the Commission, the City Council shall revisit its
“cost benefit” analysis as provided in Section III(B)(2) and either uphold or set aside the
previous determination. Should the City Council set aside its previous determination, the
City’s use of the surveillance technology must cease. Alternatively, City Council may
require modifications to a particular Surveillance Use Policy that will resolve any
concerns with the use of a particular surveillance technology.
Section VI. Enforcement
A.Violations of this article are subject to the following remedies:
1. Any material violation of this Ordinance, or of a Surveillance Use Policy promulgated
pursuant to this Ordinance, constitutes an injury and any person may institute
proceedings for injunctive relief, declaratory relief, or writ of mandate in the Superior
Court of the State of California to enforce this Ordinance. An action instituted under this
paragraph shall be brought against the City of Chula Vista and, if necessary, to
effectuate compliance with this Ordinance or a Surveillance Use Policy (including to
expunge information unlawfully collected, retained, or shared thereunder), any other
governmental agency with possession, custody, or control of data subject to this
Ordinance, to the extent permitted by law.
2. Any person who has been subjected to the use of surveillance technology in material
violation of this Ordinance, or of a material violation of a Surveillance Use Policy, or
about whom information has been obtained, retained, accessed, shared, or used in
violation of this Ordinance or of a Surveillance Use Policy promulgated under this
Ordinance, may institute proceedings in the Superior Court of the State of California
against the City of Chula Vista and shall be entitled to recover actual damages (but not
less than liquidated damages of $1,000 or $100 per day for each day of violation,
whichever is greater).
3. A court may award costs and reasonable attorneys' fees to the plaintiff who is the
prevailing party in an action brought under paragraphs A(1) and A(2) under Section VI
above.
14
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 25 of 95
Section VII. Contract for Surveillance Technology
A.Contracts and agreements for surveillance technology
1.It shall be unlawful for the City to enter into any contract or other agreement for
surveillance technology that conflicts with the provisions of this Ordinance. Any
conflicting provisions in any such contract or agreements, including but not limited to
non-disclosure agreements, shall be deemed void and legally unenforceable. Any
amendment or exercise of any option to any contract to obtain or use surveillance
technology shall require City staff to comply with the provisions of this Ordinance.
2.To the extent permitted by law, the City shall publicly disclose all of its surveillance
contracts, including any and all related non-disclosure agreements, if any, regardless of
any contract terms to the contrary.
Section VIII. Whistleblower Protections
A. Neither the City nor anyone acting on behalf of the City may take or fail to take, or threaten to
take or fail to take, a personnel action with respect to any employee or applicant for
employment, including but not limited to discriminating with respect to compensation, terms and
conditions of employment, access to information, restrictions on due process rights, or civil or
criminal liability, because:
1.The employee or applicant was perceived to, about to, or assisted in any lawful
disclosure of information concerning the funding, acquisition, or use of a surveillance
technology or surveillance data based upon a good faith belief that the disclosure
evidenced a violation of this Ordinance; or
2.The employee or applicant was perceived to, about to, had assisted in or had
participated in any proceeding or action to carry out the purposes of this Ordinance.
B. It shall be grounds for disciplinary action for a City employee or anyone else acting on behalf
of the City to retaliate against another City employee or applicant who makes a good-faith
complaint that there has been a failure to comply with any Surveillance Use Policy or
administrative instruction promulgated under this Ordinance.
C. Any employee or applicant who is injured by a violation of this Section may institute a
proceeding for monetary damages and injunctive relief against the City in any court of
competent jurisdiction.
15
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 26 of 95
Section IX. Review of Existing Surveillance Use Policies
and Adoption as Ordinances
A. Surveillance technology is considered existing if the City possessed, used, or has a contract
in force and effect for the use of surveillance technology, or any resulting data, on the effective
date of this Ordinance.
B. The requirement for City staff to present a list of all existing surveillance technology and,
once ranked, to seek monthly Commission review and approval for the use of existing
surveillance technology shall begin within sixty (60) days after the effective date of this
Ordinance.
C. As per Section II, City staff shall return to City Council with an ordinance or ordinances for
adoption and codification under the Chula Vista Municipal Code of all Surveillance Use Policies,
but only after proper Commission and City Council review of any Surveillance Use Policies for
existing surveillance technology, and with a 15-day public notice period in each instance to allow
the public to prepare and participate in the meetings.
Section X. Severability
If any portion of this Ordinance, or its application to any person or circumstance, is for
any reason held to be invalid, unenforceable or unconstitutional, by a court of competent
jurisdiction, that portion shall be deemed severable, and such invalidity, unenforceability or
unconstitutionality shall not affect the validity or enforceability of the remaining portions of the
Ordinance, or its application to any other person or circumstance. The City Council of the City of
Chula Vista hereby declares that it would have adopted each section, sentence, clause or
phrase of this Ordinance, irrespective of the fact that any one or more other sections,
sentences, clauses or phrases of the Ordinance be declared invalid, unenforceable or
unconstitutional.
Section XI. Construction
The City Council of the City of Chula Vista intends this Ordinance to supplement, not to
duplicate or contradict, applicable state and federal law and this Ordinance shall be construed in
light of that intent.
Section XII. Effective Date
This Ordinance shall take effect and be in force on the thirtieth day after its final
passage.
16
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 27 of 95
Section XIII. Publication
The City Clerk shall certify to the passage and adoption of this Ordinance and shall
cause the same to be published or posted according to law.
Presented by Approved as to form by
____________________________________________________________________
Maria Kachadoorian Glen R Googins
City Manager City Attorney
17
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 28 of 95
1
Jeremy Ogul
From:Michael McDonald < >
Sent:Monday, August 1, 2022 1:21 PM
To:privacytaskforce@chulavistaca.gov
Subject:7/27 Community Meeting - Technology & Privacy Advisory Task Force
Dear Task Force members,
I attended the community forum on July 27, 2022 and would like to provide my feedback about the meeting for your
attention and the record.
I was in Raf's (Rafael?) group and takeaways were as follows:
1. Most of the conversation was dominated by one person in particular who claimed he had prior experience with
Chula Vista government and politics. He traded a lot of questions and remarks with the moderator and it
appeared that Raf was in a defensive position the whole time instead of taking notes and facilitating a
discussion. I'm not sure if there was an overall plan for the discussion groups prior to this meeting, but I did not
feel the conversation was productive for all of us and I felt some members did not have a chance to voice their
opinions, ideas and experiences. Please be mindful of individuals dominating the conversation and guide the
conversation and take notes rather than taking any position that could be perceived as bias towards the City or
the police department and allow others to share as well.
2. Based on the results of the survey in the beginning of the meeting, the majority of the attendants were over 40
years of age and were either white or white presenting. This was not representative of the population of Chula
Vista or the demographics of the communities where these technologies are used the most. This was apparent
in our discussion as all members of my group were concerned with issues surrounding personal property, which
limited the scope and reach of these technologies and the broader issues relating to the communities that are
most impacted, the unhoused in Chula Vista, young people in underserved communities and so forth. Without
adequate representation of residents of Chula Vista at these meetings, including those that were formerly
incarcerated, young people of color and those that are most impacted by the use of surveillance technologies is
a disservice to this Task Force and will produce inaccurate data that is collected for the purpose of policy
making.
3. This leads to my next not which is the discussion question about how to get more people to attend the
meetings. As I'm aware, the City may already employ a marketing/PR team that could contract with a consultant
or hire more people to figure out ways to attract and incentivize more people, especially from the communities
where this technology is most deployed, to attend the meetings. This could mean being more transparent about
how this technology is used, how many drones the PD currently deploys to neighborhoods and what is done
with the data collected. There could be an outreach team visiting local junior and high schools to talk with
students or attend after school programs in the area. These ideas were not discussed because the conversation
was only regarding what has already been done and doing more of that ex. sending mailers to homes. I was
disappointed that the moderator only shared this idea to the rest of the attendants at the end and not the
majority of the conversation about confusion and concerns the group members had.
4. Finally, our group although limited in focus on personal privacy concerns did offer valid questions about past
events about how this contract was approved, current data collection and management processes and future
use of these technologies. The moderator appeared to take the position of representing the City by trying to
answer questions about the contract, police protocols and data collection practices and the policy proposals
they came up with. I expected the moderator to ask the questions and take notes about what questions and
concerns that were raised. As soon as he tried to answer the initial questions about the contract, the group
Warning:
External
Email
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 29 of 95
2
assumed that he represented the City and continued to ask questions and this was not a productive
conversation.
Thank you for your time and attention to my feedback. I hope to participate in future meetings and events surrounding
this topic.
Best,
Michael McDonald
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 30 of 95
Technology and Privacy Advisory Task Force
Meeting Summary
July 18, 2022
Task Force members present: City staff and consultants present:
Mae Case
Rafal Jankowski, Co-Chair
Dominic LiMandri
Lucia Napolez
Art Pacheco
Pedro Rios
Sophia Rodriguez, Chair
Maria Whitehorse
Maria Kachadoorian
Dennis Gakunga
Glen Googins
Adrianna Hernandez
Jeremy Ogul
Additional staff as noted in Item 4.2
Task Force members absent:
Petrina Branch
Carlos De La Toba
Patricia Ruiz
Charles Walker
1. CALL TO ORDER
Chair Rodriguez called the meeting to order at 6:01 p.m.
2. ROLL CALL
Adrianna Hernandez called the roll.
3. PUBLIC COMMENTS
Public comments were received from Marla Kincaid.
4. PRESENTATIONS
4.1. CHECK-IN WITH THE CITY MANAGER
Maria Kachadoorian provided brief remarks regarding the role of the Task Force, the role of the City
Manager, and the process following the Task Force’s submission of policy recommendations. Task
Force members engaged in a dialogue of questions and answers with the City Manager.
4.2. CITY DEPARTMENT BRIEFINGS
Courtney Chase provided a presentation on the use of technology and data in the Human Resources
Department. Task force members engaged in a dialogue of questions and answers regarding the
presentation. Erin Dempster responded to some of the questions.
Adrian Del Rio and Victor De La Cruz provided a presentation on the technologies used and types of
data gathered in the Finance Department, as well as an overview of the City’s procurement process.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 31 of 95
Task force members engaged in a dialogue of questions and answers regarding the presentation. Meya
Alomar responded to some of the questions.
Tiffany Allen provided brief remarks on the technologies used and data gathered by the Development
Services Department.
Stacey Kurz provided a presentation on technology and data management in the Housing Division.
Task force members engaged in a dialogue of questions and answers regarding the presentation.
4.3. REVIEW PLANS FOR COMMUNITY MEETINGS
Jeremy Ogul provided brief remarks outlining plans for the upcoming community meetings on July
27 and 28 and ask for support from task force members.
5. BUSINESS ITEMS
5.1. RECEIVE AND FILE MEETING SUMMARIES
Jeremy Ogul presented the meeting summaries from the June 8 and June 27 meetings of the task
force. Task force members had no questions or comments on the meeting summaries as presented.
6. WORK SESSION
6.1. WORK SESSION #1
Task force members discussed their priorities for elements to include in the policy recommendations.
The conversation focused on the role of the Chief Privacy Officer and the role and composition of a
Privacy Advisory Board. Glen Googins answered questions and provided feedback during the
discussion.
7. ADDITIONAL PUBLIC COMMENTS
A written public comment card from Dr. Robert Lee Brown was submitted.
8. STAFF COMMENTS
None.
9. TASK FORCE MEMBER COMMENTS
None.
10. ADJOURNMENT
The meeting was adjourned at 9:48 p.m.
- Meeting summary prepared by Jeremy Ogul
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 32 of 95
1
MEMORANDUM
TO: Jim Madaffer and Jeremy Ogul, Madaffer Enterprises
FROM: John Nienstedt and Rachel Lawler
RE: Chula Vista Privacy Focus Group Research – Full Report
DATE: Friday, July 29, 2022
INTRODUCTION
The City of Chula Vista, home to more than 265,000 residents, is San Diego County’s second-largest city.
It is currently considering implementing new privacy policies to better protect residents’ personal
information, while also striving for more transparency around its data collection practices. The City of
Chula Vista Technology & Privacy Advisory Task Force, a group of Chula Vista residents and subject
matter experts, was formed. It will help develop comprehensive policy recommendations on technology
oversight and privacy for City Council review by the fall of 2022.
The City retained Madaffer Enterprises to assist the Task Force. In turn, Madaffer hired Competitive
Edge Research & Communication, Inc. (CERC) to conduct research in two phases. The quantitative
survey phase is complete and is now being followed by focus groups to gain a deeper understanding of
resident concerns and preferences that emerged in the survey. After conducting four focus groups in
English, the City decided to conduct two additional groups with Spanish-speaking residents. Together,
these pieces of research will provide valuable information addressing residents’ privacy concerns as well
as informing the development of thorough, effective, and broadly accepted City privacy policies.
Focus group research explores the rationales for opinions and attitudes; it does not infer from measured
data to the larger population. The richness of this research method comes from observing how people
react to stimuli, in hearing them talk, and observing how they formulate their opinions. The proceedings
are context-based and not statistically projectable to the views of an entire group of people.
The ongoing health concerns related to the COVID-19 pandemic made it necessary to hold the sessions
online instead of in-person. We recruited and validated participants for full groups of six to eight.
Participants were also screened for articulation. Eight qualified participants were seated in Groups 1 and
2, seven were seated in Group 3 and although eight were initially seated in Group 4, one participant
chose to leave the group after several minutes. Eight participants were seated in Group 5 and seven
were seated in Group 6, though one participant in each group chose to leave during the session. The
English-language groups were moderated by John Nienstedt, a professional moderator and pollster. The
Spanish-language groups were moderated by Cris Bain-Borrego, a bilingual professional moderator
skilled in conducting groups with Latinos. The discussion guide was principally designed by Nienstedt,
Jim Madaffer and Jeremy Ogul of Madaffer Enterprises, with input from the Task Force. It was also
reviewed by City staff. Bain-Borrego translated all materials necessary for the Spanish groups.
• Groups 1: Chula Vista residents who think the City is doing less than a “very good” job at keeping
personal information private
• Group 2: Chula Vista residents who think the City is doing better than a “very bad” job at
keeping personal information private
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 33 of 95
2
• Group 3: Chula Vista residents who think the City is doing a “good” job at keeping personal
information private or are unsure about that
• Group 4: Chula Vista residents who think the City is doing a “bad” job at keeping personal
information private or are unsure about that
• Group 5: Chula Vista Spanish-speaking residents who think the City is not doing a “bad” job at
keeping personal information private
• Group 6: Chula Vista Spanish-speaking residents who think the City is not doing a “good” job at
keeping personal information private
The table below highlights select participant demographics. Groups 1, 2, and 5 were balanced by
gender, while Groups 3 and 4 tilted slightly more female; Group 6 contained only 1 male. Ages of
participants in all groups skewed toward middle-aged or younger. Also, majorities in all six groups
were ethnically non-White.
GROUP 1 GROUP 2 GROUP 3 GROUP 4 GROUP 5 GROUP 6 TOTAL
Male 4 4 3 3 3 1 18
Female 4 4 4 4 4 5 25
White 3 1 1 1 0 0 6
Non-White 5 7 6 6 7 6 37
18-34 2 3 4 3 0 1 13
35-54 6 3 1 2 5 5 22
55+ 0 2 2 2 2 0 8
OBJECTIVES
These focus groups are designed to:
• Explore privacy issues and concerns related to Chula Vista government
• Develop suggestions for privacy policies
EXECUTIVE SUMMARY
• Housing affordability, crime and public safety, and homelessness are the top issues residents feel
local officials should be most focused on. Privacy issues were not mentioned, so they are not top of
mind in the community.
• Knowledge of privacy issues looks to be limited to drones and automated license plate readers.
However, most residents do not intuitively link either of these programs to confidentiality concerns.
• Across all our groups, “no news is good news” is the prevailing attitude when it comes to whether
the City’s privacy and confidentiality polices are working or not. Absent a significant public data
breach, residents will assume Chula Vista takes the necessary steps to secure their personal data.
• Only two participants experienced a serious data breach or invasion of privacy – in this case, identity
theft. Consequently, participants currently do not show widespread urgency around privacy issues.
• An overall lack of awareness about how Chula Vista handles sensitive data is evident.
• Only one participant across all six groups claimed to be formally involved with Chula Vista’s boards
and commissions. Almost none expressed a desire to sign up.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 34 of 95
3
• Most felt the City of Chula Vista does not effectively communicate with residents about civic
engagement opportunities. Emails and social media posts on community pages were the most
popular suggestions for increasing involvement and essentially amounted to “do a better job getting
the word out about privacy issues.”
• Spanish language participants voiced a desire for local officials to get out into the Latino community
more as a way to draw attention to privacy issues and policies.
• Spanish language participants were generally remarkably similar in their perspectives, desires, and
tone to English language participants. Notable exceptions:
o Word-of-mouth appears to be a more important source for local information
o Spam calls are seen as invasion of privacy
o More focus on punishing bad actors who violate privacy rules
o More focus on the City getting consent from residents who share their information or
whose images are captured on video
• There was lack of consensus on whether certain ethnic groups are singled out by Chula Vista law
enforcement. Some rejected that notion while others told vivid stories regarding instances when
they felt profiling occurred.
• On their own, participants surfaced many ideas on what the City could do to address privacy issues
• The policies adopted by Seattle (posting privacy rules and regulations on the City’s website) and
Oakland (its privacy advisory board) were generally applauded. However, Berkeley’s banning of
facial recognition technology was very controversial. While some participants saw the virtue of a
ban, more felt that went too far and would not help Chula Vista deal effectively with crime.
• Top policy prescriptions (in order of popularity):
1. Chief Privacy Officer
2. Enhanced Training
3. A Privacy Oversight Board
4. More City Council Oversight of Privacy-relate Expenditures
5. Anonymizing Data
• Mid-level policy prescriptions:
6. Data Sharing with 3rd Parties (law enforcement “yes,” commercial entities “no”
7. Minimizing Data Collection
8. Regular Audits
9. Time Limits on Data Retention
• Unpopular policy prescription
10. Equitable Deployment of Technology
OBSERVATIONS
John and Cris began the groups with a warm-up exercise by asking everyone to introduce themselves
and share where they get their local news about their community. Most participants are longtime Chula
Vista residents, averaging nearly two decades in the city. Although there were a few newer arrivals,
most have been in the area for more than 10 years and several natives reported moving back to Chula
Vista after living elsewhere.
News sources varied across online, social media, print, word of mouth, television, and radio platforms.
Most participants mentioned watching local TV news. The most popular stations were the local affiliate
stations of NBC Channel 7 (x9), CBS Channel 8 (x7), FOX Channel 5 (x6), and ABC Channel 10 (x5);
independent KUSI (x3) and local public TV station KPBS (x1) were also mentioned. Online sources like
Google or Apple newsfeeds (x8) were very common, with social media sites Facebook (x12), YouTube
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 35 of 95
4
(x4), and Nextdoor (x4) being used frequently. Other social media mentioned included (Instagram (x3),
Reddit (x1), and Twitter (x1). Newspapers were used by only a few participants (either print or online),
and mentions were evenly split between the Union Tribute (x2) and The Star News (x2). Radio stations
(x4) in general were also less widespread, while one person said they tuned into NPR. Five people told
us they get their local news by word of mouth from family, friends, neighbors, and colleagues. Within
the Spanish groups there was a heavy reliance on online and social media sources (Facebook, Instagram,
and Whats App groups), as well as on-line parent groups. Word of mouth was also popular, and many
got their local information from family. South Bay Community Services came up three times as a source;
not a surprise because at least three participants were promotoras from that organization. TV was also
part of the overall mix, with FOX mentioned a few times, NBC cited a couple times and KUSI mentioned
once.
ISSUES
Participants were then asked to voice the top issues they feel local officials should be most focused on.
Once we tallied the results, it’s apparent Chula Vista generally has three key areas residents are most
concerned about: housing affordability, crime and public safety, and homelessness.
Housing affordability tops the list with the most mentions. Although the issue dominated the
conversation in almost every group, it was notably absent from Group 3 whose concerns were more
varied. Many elevating this issue shared impassioned views about how the difficult housing market
impacts them personally.
The interlinked issues of crime and public safety and homelessness tie for the runner-up spots on the
list. Both were brought up in all six groups, so these are widespread affecting Latino and non-Latino
community. One participant reported experiencing or hearing about a lot of property crimes in his area
of Chula Vista, saying there are “break-ins and porch pirates” and the police “aren’t investigating very
often.” Another said he has seen “lots of drug use” on the westside. A spike in similar occurrences near
where one woman lives made her want to see “more police presence,” while another woman
questioned whether there are “enough law enforcement officers to handle Chula Vista’s growth.”
Homelessness is closely tied to a perceived rise in crime – “homelessness brings crime increases” – but
residents are also worried about other aspects such as a lack of homelessness programs and the visual
stain it leaves on the community. Women tended to focus on homelessness more often. As one woman
emphatically stated, “everywhere I go there’s always homeless people – the parks, streets, fast food
places, supermarkets, restaurants…they need more programs or to improve the ones they have” while
Jodi remarked that she would like to see “more help with mental health and homelessness.” Another’s
concerns focused on local schools: “Homelessness around the elementary schools – there’s needles and
trash, and teachers and students are not feeling secure at school, it’s really growing.” Based on our
discussions, concerns about homelessness seem to permeate all corners of the City, but especially the
westside.
Schools, business development, infrastructure, visual blight, the cost of living, and environmental issues
were other issues named by more than one person but are much less pervasive than the top three
issues mentioned.
No one mentioned privacy issues, so it is not top of mind in the community. Even those in Groups 4 and
6 who are not upbeat about the City managing personal information did not mention privacy during the
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 36 of 95
5
discussion of important issues. Amid a plethora of issues that impact everyday life – inflation, record-
high gas prices, homelessness, housing, and spiking crime – privacy concerns are not front and center.
When John and Cris probed on the issue, it was clear folks want their data to be secure and residents
will welcome new or updated privacy policies designed to protect them and their personal data, but
they aren’t clamoring for it. However, sentiment could swiftly change if the City of Chula Vista were to
experience a serious data breach.
KNOWLEDGE OF PRIVACY ISSUES
Next, the moderators asked whether anyone has been exposed to privacy issues related to the City and
whether they have knowledge of specific steps or measures the City has taken to keep personal
information confidential. A female in Group 2 remembered hearing about the Chula Vista Police
Department being hacked in 2020 in which some personal information was leaked, but no one else
could recall specific data leaks from the City. Only a few people were able to identify any steps Chula
Vista has taken to keep data safe. No one in the Spanish-language groups was aware of any specific
measures intended to keep personal information secure. In fact, most participants were initially slow to
acknowledge the importance of privacy as an issue when asked about it directly. One Latina said,
“you’ve got to say to people, ‘hey, did you know that [privacy issue]…?’ Only then will people know
there’s a potential problem.” To the minimal extent that other residents are cognizant of privacy issues,
this knowledge looks to be limited to drones and automated license plate readers.
Drones
Only two participants mentioned the Chula Vista Police Department’s drones, unprompted, in
connection with residents’ privacy and confidentiality. A highly talkative and informed Group 1
participant was the only one who spontaneously recalled anything: “I read something about that. The
police have large drones that they fly to almost every call. They are recording every time they are flying.
An advocacy group got involved and want to know how they are protecting the data they collect.” This
summary spurred recollection for everyone in Group 1. In Group 3, a Chula Vista native and highly
engaged participant was the only other person to spontaneously mention anything about the drones
saying, “The police radio scanner has been encrypted. They also now have a drone which is receiving a lot
of criticism because people say it impacts their privacy, but it’s only used in certain cases.” Once
prompted, five of the eight Group 2 members also expressed familiarity with the police drones, although
this only happened to one participant each in Groups 3 and 4. Two panelists recalled hearing drones
near their homes but assumed they were private aircraft unrelated to law enforcement efforts. Most
participants only connected the drones to personal privacy once they are asked about it directly. Even a
male participant who lives “close to the police station” where there is “a high level of drone traffic” did
not instinctively connect the dots between the two. There is very little evidence suggesting residents are
frequently and intuitively equating drones to an invasion of privacy or confidentiality concerns.
Automated License Plate Readers
Automated license plate readers are another aspect of the privacy issue that most participants in the
groups were aware of but do not instinctively link to confidentiality. A lot of folks admitted to knowing
about them once asked by John or Cris, and their privacy worries focused on possible errors resulting
from cameras doing the job of law enforcement officers as well as their potential misuse by police. As
one man put it, “I don’t think it’s appropriate for law enforcement to start running people’s info without
a reason.” There was also some confusion in Group 4 about exactly what these cameras are, as three
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 37 of 95
6
commented about the cameras on the SR-125 toll road. They tended to focus on the need for
automated plate readers due to the toll requirement, not to fight crime or ensure public safety, so
linking “cameras” to law enforcement is not top-of-mind for these participants. That said, automated
license plate cameras generally don’t sit well with some participants, with one commenting, “I get the
intent behind the license plate scanners, but it is a bit invasive to scan everyone.” However, their anxiety
tends to stem from the potential for data to be misused by law enforcement agencies for unrelated
incidents and crimes, rather than the prospect that it will find its way into nefarious hands. Although
some don’t love the cameras, many also acknowledged their good crimefighting intent.
Are the City’s Confidentiality Policies Working?
When it comes to whether the City’s policies designed to keep personal information confidential are
working, most couldn’t give a firm “yes” or “no” answer. Instead, the prevailing sentiment was “in the
absence of news to the contrary – citizens’ privacy is not being undermined.” Although some
participants were more hesitant than others to completely trust that their information is safe, this
attitude dominated all six groups. One woman embodied this belief, saying, “I think you just assume the
City is keeping your information secure. It’s not something I give a second thought to,” while another
echoed, “I assume it’s working. I trust that they do but maybe I’m being gullible.” For Chula Vistans, “no
news is good news” when it comes to their personal data being kept secure.
One of the less-trusting participants remarked, “I don’t trust that any of our information is completely
private. I highly doubt it will be completely private. I’m not confident with some of the leadership in
Chula Vista. I don’t know how tech savvy they are.” However, because most participants weren’t aware
of any City data breaches, lack of faith was limited. Absent a major public breach, it’s likely most
residents will continue assuming Chula Vista takes the necessary precautions to protect their personal
data. On the other hand, should a breach occur, residents will quickly lose confidence in the City’s ability
to protect sensitive information.
Experiences with Data Breaches
Part of the current lack of urgency around privacy issues can be attributed to most participants not
having any personal experience with serious data breaches or invasions of privacy. In total, about half
the participants reported experiencing some type of breach or privacy violation, but only two people
had serious personal incidents. The most common of the lesser offenses that were mentioned include
credit card fraud, theft of mail or personal documents, email or cell phone data breaches, and personal
information being used for marketing purposes without consent. These events were very common and
came up in all six groups. One also recalled an experience where a drone – which he did not identify as
belonging to law enforcement or a private citizen – hovered near his girlfriend’s house and pointed a
camera toward her windows for roughly 15 minutes which he deemed “a huge invasion of privacy.” His
story drew sympathetic nods from the group, but he was the only one to mention this type of
occurrence. Although unpleasant, most of these can be considered ordinary hassles that most people
will face at some point in their life and people tend to “come out relatively unscathed.”
The same cannot be said, however, for two women who had their identities stolen (it should be noted
that two Group 4 participants also confirmed close family members had their identities stolen, although
the participants themselves were not victims). Both detailed a life-altering experience with one
describing how the thieves “took my social security number and withdrew from my retirement. Now I
have more worry with that type of invasion – that’s your whole life. It impacts everything. I had to close
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 38 of 95
7
bank accounts every time I opened them.” One participant’s personal information was hacked through
an employer payroll data breach that “resulted in identity theft that took quite a long time to fix. My
employer outsourced payroll and after this happened, they brought it in-house. It caused tremendous
anxiety. They wiped out my checking and savings accounts. I had to open new accounts at a new bank. I
still have a lot of anxiety knowing I’m on the dark web – they have my social security number and date of
birth.” Unlike the summaries given by those who suffered through less severe violations, it was clear
these egregious infringements are still taking both tangible and intangible tolls on the two women in
question. People are used to dealing with minor episodes of credit card theft and unsolicited
advertising, but identity theft is a whole different kettle of fish. While smaller hacks will certainly erode
resident trust, the fallout would not be nearly as dire as if identities were stolen because of a breach of
City data.
Evaluations of City Efforts to Keep Personal Information Confidential
In the next exercise, John and Cris asked participants to evaluate how well the City of Chula Vista is
doing in keeping certain types of personal information confidential.
Voluntary Information
When it comes to the City keeping information that is voluntarily given to it confidential – such as the
payment of parking fines, dog licenses, and recreation class sign ups – most participants have no idea
whether Chula Vista is doing a good or bad job. The rationale among the few folks who had a positive
opinion mostly hinged – once again – on the idea of “no news is good news” with one commenting, “I
haven’t heard about anything on the news, and I have read about other breaches from companies like T
Mobile. So, I feel like I would have heard about it if it happened with the City.” Another Spanish-speaking
participant said that because she isn’t aware of any breaches, the City is most likely “using the
information it collects with good intentions and with the purpose for which it was intended to be used.”
A few people did explain that they had positive personal experiences. One related that she has “applied
for classes and not had my information used for anything nefarious,” but these tangible proof points of
the City doing a good job with this type of data were few and far between. No one voiced solidly
negative reviews, but the bulk of positive and neutral opinions were based on assumptions.
Involuntary Information
On the other hand, reactions to whether the City is doing a good or bad job keeping involuntarily given
information private – such as when the police use license plate readers to scan for stolen vehicles –were
much more of a mixed bag. Groups 1 and 4 – where a majority felt Chula Vista is doing a bad job – were
mostly critical. The very nature of information being taken from people without their knowledge or
consent evidently breeds more hostile views from the get-go.
Rationales for negative views tended to fall into four buckets, the first being concerns about the City
staffs’ technological prowess. One woman recalled from her personal experience working for the police
department that “the tech support they have is not always up to date to keep security in place and things
can get leaked or end up in another database – I’ve seen that in personal experience. They have
information you aren’t aware they are collecting so you don’t even know to ask if they are collecting it.”
Another echoed this sentiment saying, “older generations don’t have as much understanding of tech and
that could lead to something being vulnerable.”
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 39 of 95
8
A lack of transparency was another cause for concern. A retired park ranger for the City of San Diego
explained, “there is quite a bit of info the public doesn’t know we gather; they would be surprised. If
something went wrong, they would never know.” Another woman was dismayed because residents
“don’t know where data is stored. If it is stored elsewhere (off site) that should be public knowledge,”
while one woman articulated, “although we don’t hear anything, but we don’t know what we don’t
know. The biggest thing is a lack of transparency in what they do with their data or how they are
updating their systems. You never hear about that – you hear about it from other companies, but never
Chula Vista.”
Several participants were also worried about this type of data being used for “bad motives” outside of
its intended purpose. When probed further, “bad motives” can be described as using or selling
confidential data – two panelists adamantly believed private data is being sold by the City – for targeted
advertising, immigration enforcement, vehicle speed traps, or political targeting – ala “IRS targeting of
political dissidents.” Using private data for essentially anything outside of its original intent is
unacceptable to these participants. However, many folks in this category also acknowledged there are
good motives for capturing and recording involuntary data, so they don’t have a purely pessimistic
outlook. “Good motives” that were mentioned include Amber Alerts, tracking and locating criminals,
monitoring pedestrian and traffic patterns, and their ability to help prevent vehicle accidents.
Finally, the assumption rationale comes into play again. Although they have no concrete evidence, a few
people assume the City is not doing a good job keeping this type of data safe. For example, one stated,
“I have no reason to believe it’s being used inappropriately. But I know when humans have access to
data, there is potential for misuse. But I have nothing to base my opinion on.” Another extrapolated
from a past unrelated experience saying, “I don’t trust anyone because my information has been stolen
by someone I was very close with.”
On the other end of the spectrum, majorities in Groups 2, 3, 5, and even 6 felt positively – or at the very
least, indifferent – about City keeping involuntary information confidential. But again, these views are
usually based on assumptions that a good job was being done because they hadn’t been notified of any
misuse or breach of private data. One summed up this mentality nicely saying, “I think they are doing
OK, but we don’t know for sure if they have been breached.” Only a few of the rationales were based on
concrete examples, and these were limited to two Spanish speakers in Groups 5 and 6 who happily cited
personal experiences whereby crimes were resolved thanks to license plate scanners and video camera
images that proved their innocence.
Video Imagery
Next, John and Cris posed the same question about video imagery and data – such as on traffic poles,
police drones, or body worn cameras, and many participants were upbeat about the City’s efforts with
this data. One believes the City does a good job saying, “it’s almost impossible to view any of the footage
from city cameras; it takes a court order.” Two participants recalled their personal conversations with
law enforcement personnel that left them with the impression that this type of data is treated with
integrity and is heavily guarded and very secure. A few participants parroted the same “no news is good
news” trope – so again, some opinions are based heavily on assumptions. Group 5 was perhaps the
most positive, initially. One man said the police are using the video for the reason intended and none
think the video surveillance is more targeted at Latinos. As the discussion went on, one woman joked
about surveillance, offering, “what if I was cheating on my husband and they had video of that?” That
brought laughs but led to one participant commenting that “everything is already public, just don't add
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 40 of 95
9
to the problem by releasing my private info.” Group 5 hadn’t been thinking much about privacy, but then
once they talked about it, they began to see the possibilities of abuse, ala “now that you mention it."
A large share of participants – including majorities in Groups 4 and 6 – didn’t initially have much to say
about the video images. Group 4 members largely felt their knowledge about the confidentiality
practices was insufficient to make a judgement. Conversely, some in Group 6 said it’s fine as long as
Chula Vista was “controlling it.” Another commented that “it cuts both ways” in that they value the law
enforcement aspects, but also see how drones and body cameras could be abused. One offered that he
has heard about drone footage on the Internet: “Chula Vista stores videos and then the video is gone…
it's kinda strange, because the video isn't then used to hold people accountable.” This then prompted a
discussion that clearly revealed some distrust of the police. One said, “police use it [video] to protect
themselves. They only release the video to prove they didn't do anything wrong,” and that elicited nods
from around the screen. All except Bryan felt police might be manipulating the information to their
favor: “they [police] use it [video] to their benefit.” These suspicions seemed natural for a group
comprised of participants who do not think the City is protecting data well, in general.
Only two participants surfaced overtly distrustful views, saying, “Even though they haven’t been released
to public, personnel in city can share it. They can take a picture with their cell phone and share it – I’ve
seen it done,” and people have “no idea what info is taken, where it goes, etc.…you just do not know.”
An overall lack of awareness about how Chula Vista handles sensitive data was evinced. Even those who
think it does a good job are relying on the flimsy “no news is good news” rationale. The moment any
news comes out about a video breach and leak, residents will become seriously concerned.
Singling Out of Certain Groups
Because “Chula Vista has a lot of diversity,” hardly anyone in Groups 1 or 2 felt certain groups are
singled out more than they should be by police. Among the few who thought this does happen, the
more common belief was that this happens to homeless people or people with mental health issues
rather than people of a certain race or ethnicity. Only one participant mentioned that Latinos are
targeted more than others, saying she had seen “DUI checkpoints that turn out to be checkpoints for
legal status, registration checks, etc. They primarily target Hispanic people so they can check their
immigration status.” More prevalent – though still only voiced by a couple of participants – was the idea
that the police aren’t targeting the bad guys or following up on crime enough.
Although a Latino in Group 3 agreed that Chula Vista is a “mixed pot of people,” participants in Groups 3
and 4 were much more likely to think certain groups are singled out by the police. African Americans
and Latinos were the primary targets mentioned, although Asian Americans/Pacific Islanders and
homeless individuals also came up. One White woman in Group 4 told a poignant story in this regard.
She described how she – despite having two motorcycle cops behind her – was not stopped when she
had 13 kids in her car and then told us her husband, who is a Pacific Islander with a goatee, was pulled
over for minor and unobvious infractions.
In the first of the two Spanish sessions, the drone section led to a fascinating discussion of whether
Chula Vista police are singling out groups. The less skeptical Group 5 didn’t focus on ethnicity, they
perceived it was a “look” that got unwarranted attention from the police. One said that the police “focus
on tattoos and people who are not clean cut rather than the guy in the suit.” Another backed that up
saying he’ll “see the police cars around the tattooed guy and interrogating him.” Only one participant
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 41 of 95
10
mentioned multiple police cars patrolling Latino neighborhoods, but no other heads nodded at that
point. Another panelist thought she was targeted but that was in San Diego, raising the prospect of
residents conflating issues across agencies and municipalities. In sum, only two of the seven in Group 5
thought ethnic/racial targeting was occurring.
It was a different story in the more critical Group 6. One Latina felt there's more patrols now that there
are more Mexicans and people of color in her neighborhood. Another participant believed there's a lot
of force being used against certain ethnic groups. One participant’s Mexican brother, who has darker
skin than she does, was stopped because, they said, he fit the physical appearance, so they interrogated
him. This vivid memory did not sit right with the sister. This brought us back to the drones. A young
Latina in Group 6 felt the drones are singling out Latinos. She claimed 90% are Latino in her area, “and
you see a lot of police activity.” Police-worn body cameras again came in for criticism, and some felt
video might catch bad police behavior more often, “but police can turn on and off the body cams” when
they feel like it and the group felt that’s not right. Only one Group 6 participant, who essentially opined
that the police aren't really singling out Latinos – “there's just more Latinos in Chula Vista” – didn’t think
racial targeting is going on.
Ideation
John and Cris followed this up by asking participants what should be done to keep these three types of
information safe and private. As part of an “easel exercise,” they shared their screen and typed
participants’ suggestions into three separate lists.
Keeping Personal Information That You Give the City Private
Suggestions for keeping voluntary information private tended to fall into three buckets: technology
upgrades, explicit policies about data access, and personnel roles and responsibilities. Importantly, even
though John and Cris emphasized that the suggestions – at this point – were specifically for voluntary
information, the participants generally did not differentiate their ideas based on the type of data being
captured. Instead, they made suggestions that can apply to any kind of data the City holds, with the
exception of the “opt out” option which can realistically only be applied to voluntarily given information.
(Note that suggestions appearing across multiple categories are marked with an *asterisk and should be
considered priority items.)
Data Access and Usage Policies
Most suggestions fall under this umbrella, and every group proposed at least one idea in this category.
Suggestions that the City of Chula Vista may want to consider include:
• *Increase transparency through disclosure of all data Chula Vista has, where it is stored, who
has access to it, and who it is shared with. A version of this recommendation came up in all six
groups and was easily the most frequent answer given. Transparency was one of the most
common themes throughout the groups. Participants also indicated they would like this
information to be easily available to the public and suggested the City website and community
social media pages as potential mediums. One participant provided an example of how she
would like this information laid out saying, “when we collect xx, we keep it for xx amount of time
and then we do xx with your personal data.”
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 42 of 95
11
• *Establish data expiry dates and deleting extraneous data. This popular suggestion was cited in
multiple groups. Although proposals for the appropriate storage length varied from days to
years, the intent was clear: Chula Vista should not hold personal data in perpetuity. Deleting
superfluous data – even that which is done before the data expiry date – is another related
aspect residents would like to see come to fruition. This was an especially potent idea among
the folks who generally distrusted the City’s data practices.
• *Ban data sales to third parties. The City may already have a ban in place, but some residents
still believe their personal data is being sold. If the City does sell data, residents will not tolerate
that. Participants were clear this ban should not apply to sharing information with other law
enforcement agencies for the purposes of solving crimes, locating missing people or fugitives,
etc. However, they are opposed to this information being used for the purposes of looking for
crime or immigration status checks.
• Allow residents to “opt out.” Having an “opt out” option for information voluntarily submitted
to the City was another suggestion that came up in several of the sessions. This option would
allow residents to dictate whether or not the City could store their personal information. Not
only would this increase transparency, but it would also give residents more control over their
personal information.
Implementing privacy agreements, allowing individuals to access the personal data the City holds on
them, and applying stringent access permission standards also came up – and may be worth
considering – but were each only mentioned by one group.
Technology Upgrades
Upgrades to existing technology are, perhaps, one of the most tangible and logical changes suggested.
This category earned mentions from every group except Group 6. Suggestions that the Task Force may
want to consider include:
• Implement two-step (multi-factor) verification for anyone trying to access data files. Multi-
factor authentication is defined as “an electronic authentication method in which a user is
granted access to a file, website, or application only after successfully presenting two or more
pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.”
This is fast becoming the norm for accessing sensitive data. Entities not using this technology
may soon be seen as more vulnerable to hacks.
• *Better file encryption. Details from the four groups who suggested this were light – after all,
most are not coders or IT professionals. However, there was a strong desire that the City use
comprehensive and modern encryption methods when collecting personal data, if it doesn’t
already do so.
Storing confidential data on standalone networks like the military’s SIPPER and NIPPER networks and
controlling access to data through chip-encrypted ID cards were both brought up in Group 1.
Personnel Roles and Responsibilities
Changes to City personnel roles and responsibilities received fewer mentions overall.
• *Increase cyber security resources in the form of additional staff members. Alternatively,
creating a role specifically to protect confidential information – such as a Chief Privacy Officer
(CPO) – and answer for data breaches and leaks came up in two of the groups. An increasing
number of companies and municipalities are employing CPOs. A related suggestion was to
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 43 of 95
12
require any City employee who deals with personally identifiable information be licensed to do
so.
• *Hold “best practices” training for employees who handle sensitive data. Participants who
brought this up were adamant such training be kept current and required on an annual or
biennial basis.
• *Hold staff accountable for privacy violations. Ensuring that the consequences for violations
are well known to staff, and then carrying out the specified punishments when breaches occur
was more popular in the Latino groups.
Gathering community feedback prior to contracting with companies that collect and store data as well
as having an *independent agency review and audit privacy protocols were suggestions that did not fit
into any of the three categories and received one mention each.
Keeping Personal Information That the City Collects Private
Recommendations for keeping involuntary information private were sparser, and it was clear that
participants struggled to come up with recommendations because most of their key ideas were already
captured in the previous category. Ideas that came up again and overlap with the voluntary data
category include strict access protocols, data expiration dates, greater transparency around collection
practices, increased accountability for data misuse, better digital security programs, more staff in cyber
security roles, conducting independent audits, and holding regular employee trainings.
Suggestions that are unique to the involuntary information category include:
• Keep two databases. One database would house voluntary information given to the city, while
the other would house involuntary information which would require stricter security protocols.
• Only store data that is connected to ongoing legal proceedings. Because this data is taken
without the individual’s consent, some participants felt there is no need for the City to retain
information that is not linked to an ongoing investigation or legal case. This suggestion may be a
difficult-to-implement double-edged sword because it may be impossible to know if data will be
relevant to a future case.
• Require permission and/or notify the individual for third-party use of the data. This includes
any use of the data outside the parameters for which it was collected, including sharing with
other law enforcement agencies.
• Use different colors to distinguish official police drones. This suggestion came specifically from
Spanish-speaking Group 6, and the participant felt this would help people more easily
distinguish between personal and law enforcement drones. This man felt using a bright, easily
noticeable color – and clearly letting residents know about this identifying feature – may help
folks quickly recognize official drones.
• Ban cameras being pointed at windows or private (non-public) areas. When this
recommendation surfaced, it was acknowledged that residents would feel more comfortable if
they are certain that police or security cameras are not encroaching on their reasonable right to
privacy on their property. This suggestion is also relevant to the next category – keeping video
which the City collects private.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 44 of 95
13
Keeping Video the City Collects Private
Like we saw previously, many ideas for keeping video the City collects private overlap with other data
categories including data expiry dates, storing data in a secure location, bans on third party sales, strict
access protocols, and greater transparency and accountability for misuse.
Suggestions that are unique to the video category include:
• Save only the drone footage capturing the incident in question, not the drone’s entire trip to
and from the police station. Participants felt keeping footage of the entire flight was
unnecessary. Limiting drone video to the incident minimizes the chances that uninvolved
persons will be negatively impacted should a breach occur.
• Blur out/remove persons not involved in the incident from any saved footage. Folks felt there
was no need for uninvolved individuals to have their image remain on stored video. The worry is
that, should the video be released – either intentionally or unintentionally – people who have
nothing to do with the incident will be negatively impacted through their assumed involvement
or potentially misidentified.
• Notify (or attempt to notify) all people in the video – whether involved in the incident or not –
that they are in the video.
• Do not use facial recognition software. Only one group was adamant on this point.
• Ensure footage is not manipulated in any way. Use of selective editing or any attempts to use a
video to fit a narrative were looked down upon.
• Publicly release video only for serious crimes, when searching for dangerous criminals, or in
cases of police misconduct. Participants felt that limiting public release to only these instances
helps keep resident privacy intact and lessens the risk of misidentification and potentially
unwarranted negative impacts on uninvolved persons. Having a legal team review the footage
for risks before it is released was also suggested.
In general, it’s encouraging to see many of the same suggestions appear across all six groups.
Examples of What Other Cities are Doing
To help participants get a grasp on what policies to protect sensitive information actually look like, John
and Cris gave three examples of policies that have been implemented elsewhere and asked folks to
comment on what they liked and disliked about them.
Seattle – Keeping the Records You Give the City Confidential
Seattle’s privacy policies detailing what personal information citizens voluntarily give the City and how it
uses that information are on its website. For example, it lets people know that their cell phone location
could be used to help the City monitor traffic conditions. [removed for Groups 5 and 6]
This policy was broadly well-received given the widespread desire for increased transparency
surrounding personal data. One of Group 2’s participants captured this sentiment and appreciated that
“they are making the effort to be transparent.” One man was even more enthusiastic about it saying,
““Great idea. They should have a website that discloses all the info they capture and why. Also include
HOW they do it.”
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 45 of 95
14
Although there was little pushback to the policy, there was some resistance to the use of a website to
communicate with residents. One commented, “it’s nice that they post it, but I think a billboard would
be more effective than a website,” while one suggested using bulletins or a “pay wall” where site visitors
first watch video about how data is used before moving on to the website. Hispanic residents in Groups
5 and 6 were especially concerned about a website “that would be long and wordy, difficult to find, and
generally inaccessible,” and one participant wondered whether the information would be available in
Spanish.
Berkeley – Keeping Private the Information the City Collects
Berkeley bans the City’s use of any facial recognition technology. City leaders point out that facial
recognition systems sometimes incorrectly identify people as criminals and that the artificial intelligence
behind the technology can be biased.
This policy is divisive and clearly cuts both ways. Many participants – including most Hispanic panelists –
are totally on board with facial recognition technology. They see it as “another tool” to use to fight crime
and some pointed out it doesn’t need to be “definitive” in terms of identifying criminals. One ethnically
White female who opposed this policy used an example to illustrate her point by saying, “If children are
taken across state lines, every resource needs to be used. Limit it yes; ban no” while another White male
opponent felt “there is no reason to eliminate it, but many reasons to depend on it to an extent.”
Those on the other side of the fence typically argue artificial intelligence is not advanced enough yet to
100% accurately identify people which might “open a Pandora’s box for litigation issues.” Rather than
concerns about racial bias, most – but not all -- opposition was rooted in the technology not yet being as
good as it needs to be. Even when specifically asked about the potential for racial bias, participants
generally didn’t see it that way, including most participants in Groups 5 and 6 who did not believe that
facial recognition systems, nor the artificial intelligence behind this technology, is biased and faulty. As
one of these folks pointed out, “it’s less biased than people making decisions.” One woman also pushed
back on the policy by saying, “they used to use physical pictures; those can also be biased, and they could
identify the wrong person.”
Digging a little deeper, John asked respondents who favored a ban on facial recognition on the grounds
that technology is not advanced enough yet whether they would change their tune once technology
improves. Interesting, most hinted that, if and when the artificial intelligence is more reliable, they’d
want Chula Vista to use it. As one woman put it, “The technology is still growing, and the artificial
intelligence is still learning, so it can make errors right now. But maybe in 5 to 10 years it might be a
different story.” Although these participants softened toward the idea of using facial recognition
software in the future, one still took issue with banning it until it improves and used advances in DNA to
illustrate her point: “I don’t think they should ban it – it’s another tool. It just needs to improve. Like
DNA. We need all the help we can get when it comes to crime.”
Given the rift this policy elicited, Chula Vista probably does not want to take a hard stand in either
direction at this time. Banning facial recognition completely will be perceived as abandoning a helpful
crime fighting tool, but relying on it as the sole source of identification is too risky given the abilities of
current AI technology. Finding a happy medium and using the software sparingly and only when
necessary is a good bet for the time being. As technology improves, the City can ramp up its use
accordingly.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 46 of 95
15
Oakland – Keeping Video the City Collects Private
Oakland has established a Privacy Advisory Board made up of citizens who formally advise the City about
surveillance technology. City departments that want to start using a new surveillance tool must write a
report and present supporting information to the group, which then makes a recommendation to the
City Council.
Oakland’s Privacy Advisory Board was another well-liked policy with most people across sessions
agreeing Chula Vista should investigate adopting something similar. The only hesitation – which
emerged in all six groups – stems from concerns about who is on the Board, what their motives are, and
whether it would favor the pro- or anti-surveillance contingent. One man opined on this, saying, “Is
everyone on the board from a tech company? Who is on the board? I think it is a good way of
approaching it with the right people on the board. It could go two ways. Like the San Diego Transit Board
seems one sided – very pro public transit. So, this could be similar – like very pro or anti surveillance.”
Several residents also questioned whether board members would be representative of the community,
i.e., will it have Spanish speakers, men and women, people of different racial/ethnic backgrounds,
residents of different socio-economic status and professions, etc.
Some solutions to this anxiety were discussed in several of the groups and included allowing residents to
vote on who fills the board positions and rotating members off the board at regular intervals. One
suggested the latter saying, “This is something we could benefit from providing people were rotated off
the board like every 90 days. The longer people are on, the more opportunity there is for corruption.”
Although his time frame – 90 days – is not realistic, the principle of board term limits is highly popular.
Finally, one participant suggested that the board produce regular data-driven reports; this would give
the board legitimacy and increase transparency in the decision-making process.
Note: The Oakland policy was unintentionally displayed in English during Group 6. After acknowledging
the mistake, the discussion continued and then Cris asked whether participants preferred seeing the
policy in English or Spanish. All but two said either was fine, and, while the other two preferred Spanish,
they felt they would not have a problem with rules written in English.
Privacy Policies
During the next part of the sessions, John and Cris presented different policy ideas which the City of
Chula Vista might adopt. Participants discussed the proposed policies, which came with a line about
potential costs or downsides, for their feedback and then support or opposition on each. Each group
was presented five policies to evaluate and all materials for Groups 5 and 6 were translated and
presented in Spanish (see Appendix C). The policies have been ranked below based on how supportive
residents were of each. Except for the Equitable Deployment of Technology policy, all of the policies we
tested encountered more support than reservations. (Please note that some participants were unsure
how they felt about certain policies and did not vote. As a result, the total number of votes for each
policy may not equal the total number of respondents who were exposed to the policy.)
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 47 of 95
16
Chief Privacy Officer (Groups 2, 4, 6)
“The City would hire a Chief Privacy Officer (CPO) responsible for overseeing all City privacy efforts. The
CPO would be the in-house privacy protection expert who gathers community input and ideas on privacy
and technology, stays up-to-date on the latest developments, is a resource for City staff and helps draft
policies for how technology should be used.
The CPO would be appointed by, and answer to, the City Manager, receive a $170,000 salary and have a
staff of two.”
Support: 18 Oppose/Have Reservations: 3
The most popular policy we tested, participants agreed a person and department to turn to for answers
should a data breach occur would establish accountability for keeping information safe and confidential.
One participant was taken aback that the City did not already have a CPO saying, “I am surprised this is a
proposition; that this is not already a position someone is doing,” while one man remarked, “Make it
someone’s job and hold them accountable through legislation so they need to be on the ball, and there
will be consequences if they were to not do their job.” This was also one of the suggestions made
multiple times when participants were asked for recommendations on how Chula Vista should keep
personal data safe. The one concern that emerged about the position was the potential for cronyism
with the CPO reporting to the City Manager who reports directly to the City Council. Another woman
shared this concern explaining, “The way you get positions in government is who you know. And that is
not a situation where you want to put resident privacy in the hands of three people.” A few people
suggested the CPO should be elected to combat potential cronyism. The consensus was that, regardless
of how people are chosen for this position, the CPO’s office should act with a measure of independence.
Training (Groups 1, 3, 5)
“This policy would mandate annual privacy training for City staff who work with technology on how to
recognize potential privacy issues when considering whether to buy a new type of technology or
software. The City’s lawyers would attend legal training to grow their expertise on recent laws and court
rulings on personal privacy, data collection, etc.
There would be a significant additional cost to the city.”
Support: 17 Oppose/Have Reservations: 2
Mandating annual privacy training for City staff who work with technology was another very popular
“commonsense” policy. Nearly every participant exposed to it favored it and one resident described
good training as “priceless.” It’s also a repeat offender: it was suggested several times by the groups as a
means to keeping personal data safe during the ideation phase. Many participants said they must
complete a similar training in their jobs, and that “Chula Vista is way behind the times if they don’t
already do this.” If the City already has this in place, it should contemplate whether the curriculum
needs to be updated or strengthened to remain current. Communicating with residents about the
training efforts also appears to be important in gaining public trust. The only reservations related to the
potentially high cost of starting a training program, with a couple of folks believing taxpayer dollars
should go towards things such as homelessness, schools, and public services.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 48 of 95
17
Oversight Board (Groups 2, 4, 6)
“This policy would establish a board of community volunteers who would review how the city is using
technology and advise on whether privacy protections are, in their view, working. The board would
recommend to the City Council as to whether the use of a technology is worth the costs and potential
privacy risks.
Members would be required to have expertise in technology or privacy issues.”
Support: 16 Oppose/Have Reservations: 5
Having an oversight board is another well-received policy, but participants typically wanted it fleshed
out. Support generally came down to 1) the board being voluntary and, 2) the need for board members
to have expertise in technology or privacy issues. As a female participant put it, “this is a no brainer that
it would be good.” One man agreed saying, “I think this is the kind of thing we need to implement these
policies. It’s our information they are collecting, so it should be us as a community who decides how it is
used.” Although broadly appealing, a few concerns did crop up. Could a panel of community volunteers
have the knowledge and expertise to make effective recommendations? Will volunteers have access to
confidential information? A few folks suggested assuaging these fears by including non-tech people on
the Board and ensuring all members are thoroughly vetted. Some also felt a member’s tenure should be
brief, with a preference for only a two-year term. Finally, the phrase “community volunteers” tends to
elicit less cynicism about an oversight board than does “citizens” (as used in Oakland’s policy.)
More Oversight by the City Council (Groups 2, 4, 6)
“This policy would require the City Council to review all purchases of technology that collects personal
information. The Council currently only reviews purchases costing hundreds of thousands of dollars and
city employees can make smaller purchases without the Council’s pre-approval.
The policy would result in the City Council reviewing relatively small budget items.”
Support: 14 Oppose/Have Reservations: 5
More oversight is a recurring theme. It’s something that most participants like and all in Spanish
language Group 6 favored making the Council do more work. This policy has far more proponents than
detractors, as supporters tend to see this as “two-fer.” Not only will privacy be enhanced, for them, this
policy is a means for the City Council to curtail needless spending. One noted, “smaller things start
adding up to larger things until it is too late,” and another mentioning it is “very easy for misuse of funds
to happen in small amounts; people get away with it.” Another resident observed that many tech
products “won’t be expensive for very much longer” and therefore will be overlooked when they fall
below the current review threshold. Although she favored the spirit of the policy, one actually felt
review shouldn’t be limited to a dollar amount, rather “the origin of where it is being purchased from; I
don’t want [the equipment or service] coming from a company that has a history of data breaches.”
Among the few opponents, reservations about “red tape and the ability to get things done,” “the effort
is not worth the reward,” it is too “overwhelming” and “time consuming” as well as the potential for the
Council to lose its focus on other big concerns were all mentioned.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 49 of 95
18
Anonymizing Data (Groups 1, 3, 5)
“This policy would require city staff to remove personally identifiable information from data whenever
possible. By “de-identifying” data, this policy would reduce the possibility that data would be stolen or
used inappropriately.
On the other hand, there may be a situation in which knowing who filed a complaint, for example, would
help the City address a problem.”
Support: 13 Oppose/Have Reservations: 5
For most folks, this was a “commonsense” policy although the concerns that some participants raised
are significant. On one hand, this policy is a winner because it aligns with common practices many
participants are aware of at private and public entities. As one man pointed out, “Redacting PII is fairly
common – I expect they should be doing this already. Or I would hope they are. Every agency should be
doing this unless that information is important for WHAT they are doing.” A female participant also
summed up the overall appeal of the policy saying, “I like the idea of removing information that could be
stolen or used inappropriately.” Opponents homed in on the inability to follow up with residents who
make complaints or the potential for crimes to go unsolved due to a lack of identifiable information. As
one man explained, “It’s a lot harder to investigate a complaint if you don’t have the source because not
enough information will be there to begin with. I know from personal experience.” Another backed him
up saying, “I’ve seen anonymous complaints; they are hard to address, and lead to a waste of resources.”
Many of those whose worries hinged on the inability to adequately investigate crimes believed the
benefits of confidentiality do not outweigh the drawbacks of a lack of information that could be used by
law enforcement. Finding a balance between anonymizing data and still being able to follow-up is
generally what our participants want.
Data Sharing (Groups 2, 4, 6)
“This policy would limit Chula Vista’s ability to share with outside third parties the personal information
the City has collected. This policy limits the sharing of license plate data with police departments in other
cities.
Some crimes in other cities would likely go unsolved.”
Support: 12 Oppose/Have Reservations: 7
This policy received majority support as written. However, its popularity ratcheted up if one carve-out is
made: most participants want police departments in other municipalities to have access to the data “for
solving crimes or keeping community safe.” This dovetails completely with the group suggestions that
the City should ban third-party sales but allow exceptions for most law enforcement activities. Law
enforcement is fine, even encouraged; marketing uses are not, as panelists vehemently do not want
their personal data shared commercially. As long as the City sticks to these stipulations, participants
believe this policy will be a success.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 50 of 95
19
Minimizing Data Collection (Groups 1, 3, 5)
“This policy would require that city staff minimize the amount of personal information collected.
According to this policy, if it not absolutely necessary for the City to collect a type of personal
information, then that information would not be collected.
This policy would result in less information for the City to use to make decisions, and it may be impossible
to know what personal information is absolutely necessary for it to do its job.”
Support: 12 Oppose/Have Reservations: 7
Elements of this policy arose during previous exercises, but this version does not perform as strongly as
one might have initially anticipated based on the preceding discussions. While the concept is well-liked,
some felt the language was vague and didn’t include enough detail – after all, what qualifies as
“absolutely necessary?” Others said the very nature of the policy suggests the City is already capturing
and keeping data they don’t need, which didn’t sit well with some: “If the information is not needed,
why do they need to take it?” Still others with reservations also contemplated the data’s potential future
usefulness saying, “I don’t like the idea of minimizing data that would lead to less efficient practices in
the city,” and “data is important. Even if it is not used now, it may be used later down the line when a
new project comes up or another task is needed.” Participants would have benefited from clarifying
language that finds a balance between limiting data collection and having useful data on hand for when
it is needed.
Regular Audits (Groups 2, 4, 6)
“This policy would require the City to retain a privacy auditing firm to regularly review who has access to
data collected by the City and review what data has been viewed, downloaded, or shared, and by whom.
The goal is to help the City proactively identify whether privacy has been or might be compromised.
There would be a significant additional cost to the City.”
Support: 12 Oppose/Have Reservations: 9
Those favoring this policy tended to see it as “commonsense,” saying, “A majority of agencies require a
third party to step in and audit. After people do something for a while, neglect can happen, like people
overlooking things, getting lazy, or watching cat videos at work. And it shouldn’t just be one entity; one
can do the audit for certain period of time and then switch to someone else because that agency also
needs to be kept in check.” The chief criticism of the policy centered on the unknown costs.
Spanish speaking Group 6 brought up an observation: the policy description raised doubts they did not
previously hold about how Chula Vista now collects data, shares data, etc. The wording “regularly review
who has access to data collected by the City and review what data has been viewed, downloaded, or
shared, and by whom. The goal is to help the City proactively identify whether privacy has been or might
be compromised” suggests the City is currently not doing this which sets off alarm bells.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 51 of 95
20
Time Limits on Data Retention (Groups 1, 3, 5)
“This policy would require the City to delete any personal information after one year. Keeping
information only for only a year and then deleting it would lessen the chance that personal information
could be stolen or used inappropriately.
On the other hand, keeping information longer could provide greater benefits, for example, if a crime is
being investigated or a missing person’s report has been filed after a year.”
Support: 12 Oppose/Have Reservations: 9
Given how popular data expiry dates were during the suggestion exercise, it’s surprising to find this
policy is not a superstar. The barrier to wider popularity seems to be the specified duration for which
the data is held by the City. However, residents did express an interest in determining expiration dates
based on the reasoning behind the data being held; an amendment allowing for longer retention for
active criminal investigations was suggested that emerged in three of the groups. Some also suggested
that a year was not long enough because the data could be needed for future investigations, while
others felt a year was entirely too long. Further research is likely needed to determine the optimal data
retention length.
Equitable Deployment of Technology (Groups 1, 3, 5)
“This policy would prohibit the use of technology in ways that might impact certain neighborhoods or
groups. City staff would be required to find alternatives to a particular technology that might
disproportionately impact women, Black residents, or non-English speakers, for example.
On the other hand, there may be no effective alternatives to some technologies and, in the rare instances
that the technology is imperfect, the courts will protect the innocent.”
Support: 0 Oppose/Have Reservations: 15
This policy received no support, as even those who agreed earlier with Berkeley’s ban were not willing
to accept this policy. Participants found it to be “vague,” “confusing,” and “ambiguous” with one
resident not being able to “understand what you are agreeing to.” The word “equitable” also turned
some off with one male participant calling it “BS.” There was also general confusion about how
technology can be biased, with one noting, “the only thing that can be biased is the person behind the
technology.” If that is what this language was trying to get at, it failed.
Community Involvement
Only one participant across all six groups claimed to be formally involved with Chula Vista’s boards and
commissions. One woman reported taking part in volunteer efforts, recounting her time with a City of
Chula Vista volunteer security effort, like a neighborhood watch. She was driven to do so after having
her house broken into twice. A few people expressed some interest in getting involved, but most were
unenthusiastic about doing so. The primary barriers to this sort of civic engagement include a lack of
time and a lack of passion for the subject. A couple of participants already volunteer elsewhere – “I’m
already really committed to my children’s school” – and didn’t want additional responsibilities.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 52 of 95
21
Many folks felt “the City doesn’t do a good job communicating on stuff” and the top suggestions to
encourage more community engagement included emails, mailers, and social media posts. One
proposed a dedicated city website such as “joinCV.com” or “volunteerCV.com” that “makes it easy for
people” to apply to be on committees or find volunteer opportunities. Using community social media
pages – “places where people are going to see it” – to advertise opportunities was the most popular idea
with one participant advocating for “compact outreach,” which he explained is “30-second-long (or less)
outreach for those in the younger generation.” Another recommended including the topics for
discussion for official meetings or on the boards/committees “because I would be interested in certain
topics” and residents might show more interest in attending or signing up to serve on them.
Other suggestions included announcements on the Chula Vista Police Department’s digital billboard and
having informative materials and a physical presence at local street fairs, churches, and schools.
Regardless of the medium used, one man said he would like the public to be made aware of what the
ideas from these types of efforts transform into; for example, what decisions or changes are made from
the findings of these focus groups.
The Spanish language groups tended to focus on what elected officials are doing or not doing. The thing
Group 6 rallied around was they would want to see more of these leaders in their communities (i.e., PTA
meetings, meet and greets, workshops, etc.) where they would be informed and welcomed to the
discussion of city issues. They felt a more frequent physical presence of leaders in Latino neighborhoods
would make them feel that their voices mattered and would lead to more engagement.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 53 of 95
APPENDIX
A
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 54 of 95
Chula Vista Privacy FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Tues/Thurs, June 21 and 23, 2022
1
Tuesday, June 21st
Grp #1 (Q4 = 2 or 3 or 4 or 8): [5:30 SD] Grp #2 (Q4 = 1 or 2 or 3 or 8): [7:30 SD]
Thursday, June 23rd
Grp #3 (Q4 = 1 or 2 or 8): [5:30 SD] Grp #4 (Q4 = 3 or 4 or 8): [7:30 SD]
HOLD
First Name______________________________ Last name ________________________________
Gender = M F Age = 1 2 3 4 Hispanic (Q14) = Yes No
Address ___________________________________________________________________________
City: _________________________ Zip: 91902 91910 91911 91913 91914 91915
Chula Vista area (Q2): West Central East Q4: 1 2 3 4 8
Database ph. #(_________)_____________________ Alternate ph. #(________)_________________
Email Address__________________________________________
Payment = Venmo Amazon Gift Card
Interviewer VOXCO ID__________________ Date recruited __________________________________
Tech Check: Time: ____ AM PM Day: _____________ Date: _______________
Hello, may I speak with RESPONDENT FROM LIST? This is [INTERVIEWER] of Competitive Edge Research,
a national public opinion polling firm, calling because we are conducting a paid, online evening focus group
about important local issues on either Tuesday, June 21st or Thursday, June 23rd. To ensure we receive
opinions from a variety of people, we’d like you to participate in a 90-minute online webcam group from your
home. For your participation, you will receive $110 by your choice of cash via Venmo or an Amazon gift card,
Would this be of interest to you? (IF “YES,” CONTINUE; IF “NO” OR HESITANT, TERMINATE)
Great! First, I need to ask a few confidential questions to see if you fit the study guidelines…
Q1. Do you still reside in the (READ ZIP CODE FROM SCREEN) ZIP Code?
1. Resides in listed ZIP Code (91902, 91910, 91911, 91913, 91914 OR 91915)
2. Resides in different ZIP Code (ENTER NEW ZIP CODE)
3. No, does not reside in 91902, 91910, 91911, 91913, 91914 OR 91915 (THANK AND TERMINATE)
Q2. And do you reside west of Interstate 805, between the 805 and the 125 or east of the 125?
1. West [MIN 4/MAX 8]
2. Central [MIN 2/MAX 5]
3. East [MIN 1/MAX 3]
8. UNSURE [CODE INELIGIBLE; SKIP TO Q15, THEN TERMINATE]
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 55 of 95
Chula Vista Privacy FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Tues/Thurs, June 21 and 23, 2022
2
Q3. Please tell me what is the most important issue facing Chula Vista? (IF UNSURE, PROBE. IF STILL
UNSURE, CODE INELIGIBLE; SKIP TO Q15, THEN TERMINATE) (CRITERION: CAN YOU
UNDERSTAND THE RESPONDENT AND DO THEY EXPRESS A THOUGHTFUL ANSWER?)
1. Extremely thoughtful and clear [MAX 4 PER GROUP; IF FULL, SKIP TO Q15, THANK AND
TERMINATE]
2. Very thoughtful and clear
3. Somewhat thoughtful and clear
4. No details [CODE INELIGIBLE; SKIP TO Q15, THANK AND TERMINATE]
5. Nothing/Unsure [CODE INELIGIBLE; SKIP TO Q15, THANK AND TERMINATE]
Q4. The City of Chula Vista collects and maintains residents’ personal information, including phone
numbers, property addresses, e-mail addresses, and video from security cameras. When it comes to
keeping that personal information private, do you generally think the city is doing a good job or a bad
job?
(IF GOOD JOB ASK: “Is that a very good job or a somewhat good job?”)
(IF BAD JOB ASK: “Is that a very bad job or a somewhat bad job?”)
1. Very good job [GROUP 2 OR 3]
2. Somewhat good job [GROUP 1, 2 OR 3]
3. Somewhat bad job [GROUP 1, 2 OR 4]
4. Very bad job [GROUP 1 OR 4]
8. UNSURE [MAX 5]
9. REFUSED [CODE INELIGIBLE; SKIP TO Q15, THANK AND TERMINATE]
Q5. Including volunteer work, do you or anyone in your household work for any of the following?
A news media company [SKIP TO Q15, THEN TERMINATE]
A high tech or computer company
A market research company [SKIP TO Q15, THEN TERMINATE]
In law enforcement [NOTE: RETIREES ARE INELIGIBLE PROBE AS NEEDED; IF RESPONDENT OR
SOMEONE IN HOUSEHOLD IS IN LAW ENFORCEMENT, SKIP TO Q15, THEN TERMINATE]
An elected official [SKIP TO Q15, THEN TERMINATE]
An attorney or law firm [SKIP TO Q15, THEN TERMINATE]
NONE OF THESE
Q6. What is your occupation? IF RETIRED, NOTE AND ASK: What was your occupation?
__________________________________________________________
EXCLUDE LAW ENFORCEMENT, LEGAL, NEWS MEDIA, POLITICAL
Q7. And in what industry is that? ________________________________________________________
Q8. Which of the following describes your experience with video conferencing platforms like Zoom and
Microsoft Teams while on your laptop or desktop computer?
1. I have talked with people online with my webcam on my desktop or laptop
2. I haven’t tried that [THANK AND TERMINATE]
3. I don’t have a laptop or a desktop [THANK AND TERMINATE]
8. UNSURE [THANK AND TERMINATE]
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 56 of 95
Chula Vista Privacy FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Tues/Thurs, June 21 and 23, 2022
3
Q9. Does the computer or laptop you would use for the focus groups have a webcam, audio speakers or
earphones, and a microphone?
1. Yes
2. No [THANK AND TERMINATE]
8. UNSURE [THANK AND TERMINATE]
Q10. Do you use Chrome, Firefox or something else to browse the Internet?
1. Chrome
2. Firefox
3. Something else [THANK AND TERMINATE]
8. UNSURE [THANK AND TERMINATE]
Q11. Is your broadband Internet connection speed where you would use your computer or laptop for
participating in the online discussion…
1. Less than 10 megabits upload and download (ex: can only stream music from Spotify or Pandora,
email, and basic web browsing) [THANK AND TERMINATE]
2. More than 10 megabits upload and download (ex: can Skype and Facetime calls, play online video
games, stream video from Netflix)
8. UNSURE: Please go to BandWidthPlace.com and press the “start” button in the middle of the
orange circle to determine download and upload internet speeds.
Q12. You'll read and evaluate materials on your computer screen as well as write some notes on paper. Do
you have limitations that would make your participation difficult? (IF YES, PROBE TO DETERMINE
WHETHER THE RESPONDENT CAN PARTICIPATE. PARTICIPATION ONLY VIA COMPUTER OR
LAPTOP)
1. Respondent can participate
2. Respondent CANNOT participate [THANK AND TERMINATE]
Q13. In terms of gender, how do you identify? (DO NOT READ)
1. Male
2. Female
3. Non-binary
4. Prefer to self-describe: _________________________
Q14. What is your racial or ethnic heritage?
1. White or Caucasian
2. African American or Black [MIN 1]
3. Hispanic or Latino [MIN 4/MAX 8]
4. Asian American [MIN 1]
5. Native American
6. Multi-ethnic
8. Something Else (SPECIFY AND CODE ABOVE, “EUROPEAN” IS WHITE, IF REFUSED, DO
NOT INVITE)
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 57 of 95
Chula Vista Privacy FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Tues/Thurs, June 21 and 23, 2022
4
Q15. In what year were you born? ________________ (ENTER YEAR BORN)
1. 1989-2003 (18-32) [MIN 2/MAX 6 PER GROUP]
2. 1976-1988 (33-46) [MIN 2/MAX 6 PER GROUP]
3. 1964-1975 (47-58)
4. 1950-1963 (59-72)
5. 1949 or earlier (73+) NONE [TERMINATE]
Those are all my questions. I’ll place you on hold a moment to make sure we have room for you in the focus
group. I’ll be right back (CHECK QUOTAS)
IF INVITING:
Q16. We'd like you to participate in a 90-minute webcam focus group on [Tuesday the 21st/Thursday the 23rd]
at [5:30pm/7:30pm]. Afterward you would be paid $110 via Venmo or an Amazon gift card. Would you
commit to participating?
1. Yes – Grp #1 5:30pm, Tuesday the 21st
2. Yes – Grp #2 7:30pm, Tuesday the 21st
3. Yes – Grp #3 5:30pm, Thursday the 23rd
4. Yes – Grp #4 7:30pm, Thursday the 23rd
5. No (THANK AND TERMINATE)
Q17. Would you like to receive your payment via an Amazon gift card or Venmo?
1. Amazon gift card
2. Venmo GET THEIR VENMO ID: @___________________& Phone #attached to Accnt___________
Q18. May I have your e-mail address so we may send you the confirmation and participation instructions?
(REPEAT IT BACK LETTER-FOR-LETTER AS YOU WRITE IT DOWN
EMAIL: ______________________________________________@___________________________
Q19. We will need to perform simple equipment and Internet speed checks with you on the PC or
laptop on which you will be participating. What is the good time in the next 48 hours to call
you back and perform this check?
Time: _______ AM PM Day: _________ Date: _________
Following the equipment check you’ll then receive a link for the online focus group with log in details.
You will also receive an invite e-mail which will include further instructions along with a non-disclosure
agreement. Please read it carefully. If you have any questions, please write down this number and
call us. (PAUSE FOR RESPONDENT TO GET PEN AND PAPER). It is 1-915-329-2102.
May I please have an alternate number we can reach you at? (________)____________________.
Thank you very much. Again, if you don’t hear from us within the next 48 hours, please call us at 1-915-329-
2102 and let us know. Goodbye.
IF NOT INVITING: I’m sorry. I can’t invite you to participate because the quotas for your profile have been
filled. We’ll call you in the future for another research project. Thanks and have a great day!
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 58 of 95
Chula Vista Privacy FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Tues/Thurs, June 21 and 23, 2022
5
IF HOLD: I’m sorry, but all the quotas for your demographics have been filled, so I am unable to invite you to
participate. However, it’s likely that a participant will cancel at the last minute. If that is the case, should we re-
contact you to see if you’re still available?
IF “OK”: Great! Again, we will only be contacting you if someone drop s out. It may even be early that
afternoon. (FILL OUT THE FRONT. GET E -MAIL ADDRESS AND ALTERNATE NUMBER) Thanks,
and if we don’t contact you this time, hopefully we can speak with you next time we do research in your
area. Goodbye.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 59 of 95
Chula Vista Privacy Spanish FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Thurs, July 21, 2022
1
Grp #1 (Q4 = 1 or 2 or 8): [5:30 SD] Grp #2 (Q4 = 3 or 4 or 8): [7:30 SD] HOLD
First Name______________________________ Last name ________________________________
Gender = M F Age = 1 2 3 4 Record source: L2 Client
Address ___________________________________________________________________________
City: _________________________ Zip: 91902 91910 91911 91913 91914 91915
Q2: West Central East Q4: 1 2 3 4 8
Database ph. #(_________)_____________________ Alternate ph. #(________)_________________
Email Address__________________________________________
Payment = Venmo Amazon Gift Card
Interviewer VOXCO ID__________________ Date recruited __________________________________
Tech Check: Time: ____ AM PM Day: _____________ Date: _______________
[START IN ENGLISH]
Hello, may I speak with RESPONDENT FROM LIST? This is [INTERVIEWER] of Competitive Edge Research,
a national public opinion polling firm, calling because we are conducting a paid, online evening focus group
about important local issues on Thursday, July 21st. The majority of the meeting will be conducted in
Spanish. To ensure we receive opinions from a variety of people, we’d like you to participate in a 90-minute
online webcam group from your home. For your participation, you will receive $110 by your choice of cash
via Venmo or an Amazon gift card. Would this be of interest to you? (IF “YES,” CONTINUE; IF “NO” OR
HESITANT, TERMINATE)
[SPANISH]
Hola, ¿puedo hablar con RESPONDENT FROM LIST? Habla [INTERVIEWER] de Competitive Edge
Research, una firma encuestadora de opinión pública nacional, y estamos realizando un grupo de discusión
nocturno pagado en línea sobre temas locales importantes el jueves 21 de julio. Para garantizar que
recibamos opiniones de diversas personas, nos gustaría que usted participara en un grupo en línea de 90
minutos por cámara web desde su hogar. Para agradecer su participación, recibirá $110 a elección suya
como efectivo mediante Venmo o una tarjeta de regalo de Amazon. ¿Esto es algo que le interesaría? (IF
“YES,” CONTINUE; IF “NO” OR HESITANT, TERMINATE)
¡Estupendo! En primer lugar, necesito hacerle algunas preguntas confidenciales para ver si usted se ajusta a
las directrices del estudio...
Q1. ¿Todavía reside en (READ FULL ADDRESS FROM SCREEN)?
1. Resides in listed ZIP Code (91902, 91910, 91911, 91913, 91914 OR 91915)
2. Resides in different ZIP Code (ENTER NEW ZIP CODE)
3. No, does not reside in 91902, 91910, 91911, 91913, 91914 OR 91915 (THANK AND TERMINATE)
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 60 of 95
Chula Vista Privacy Spanish FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Thurs, July 21, 2022
2
Q2. Y, ¿usted reside al oeste de la Interestatal 805, entre la 805 y la 125 o al este de la 125?
1. West
2. Central
3. East
8. UNSURE
Q3. Hágame el favor de decirme cuál es el tema más importante que enfrenta Chula Vista. (IF UNSURE,
PROBE. IF STILL UNSURE, CODE INELIGIBLE; SKIP TO Q15, THEN TERMINATE) (CRITERION:
CAN YOU UNDERSTAND THE RESPONDENT AND DO THEY EXPRESS A THOUGHTFUL
ANSWER?)
1. Extremely thoughtful and clear [MAX 4 PER GROUP; IF FULL, SKIP TO Q15, THANK AND
TERMINATE]
2. Very thoughtful and clear
3. Somewhat thoughtful and clear
4. No details [CODE INELIGIBLE; SKIP TO Q15, THANK AND TERMINATE]
5. Nothing/Unsure [CODE INELIGIBLE; SKIP TO Q15, THANK AND TERMINATE]
Q4. La Ciudad de Chula Vista recopila y mantiene información personal de los residentes, incluyendo
números telefónicos, direcciones de propiedades, direcciones de email y videos de cámaras de
seguridad. En cuanto a mantener privada esa información personal, ¿generalmente piensa que la
ciudad hace un buen o mal trabajo manteniendo esa información personal privada?
(IF GOOD JOB ASK: “¿Es un trabajo muy bueno o algo bueno?”)
(IF BAD JOB ASK: “¿Es un trabajo muy malo o algo malo?”)
1. Very good job [GROUP 1]
2. Somewhat good job [GROUP 1]
3. Somewhat bad job [GROUP 2]
4. Very bad job [GROUP 2]
8. UNSURE [MAX 4]
9. REFUSED [CODE INELIGIBLE; SKIP TO Q15, THANK AND TERMINATE]
Q5. Incluyendo el trabajo voluntario, ¿usted o alguien de su hogar trabaja en alguna de las siguientes
áreas?
Una empresa de medios informativos [SKIP TO Q15, THEN TERMINATE]
Una empresa de alta tecnología o empresa de computación
Una empresa de estudio de mercado [SKIP TO Q15, THEN TERMINATE]
En cuerpos policiales [NOTE: RETIREES ARE INELIGIBLE PROBE AS NEEDED; IF RESPONDENT OR
SOMEONE IN HOUSEHOLD IS IN LAW ENFORCEMENT, SKIP TO Q15, THEN TERMINATE]
Un funcionario electo [SKIP TO Q15, THEN TERMINATE]
Un abogado o firma de abogados [SKIP TO Q15, THEN TERMINATE]
NONE OF THESE
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 61 of 95
Chula Vista Privacy Spanish FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Thurs, July 21, 2022
3
Q6. ¿A qué se dedica? IF RETIRED, NOTE AND ASK: ¿A qué se dedicaba?
__________________________________________________________
EXCLUDE LAW ENFORCEMENT, LEGAL, NEWS MEDIA, POLITICAL
Q7. Y, ¿a qué industria pertenece eso?
________________________________________________________
Q8. ¿Cuál de las siguientes opciones describe su experiencia con las plataformas de conferencias de video
como Zoom y Microsoft Teams cuando usa su laptop o computadora de escritorio?
1. He hablado con personas en línea con mi cámara web en mi computadora de escritorio o laptop
2. No lo he intentado [THANK AND TERMINATE]
3. No tengo laptop o computadora de escritorio [THANK AND TERMINATE]
8. NO ESTÁ SEGURO [THANK AND TERMINATE]
Q9. ¿La computadora o laptop que usaría para los grupos de discusión tiene una cámara web, altavoces o
audífonos, y un micrófono?
1. Yes
2. No [THANK AND TERMINATE]
8. UNSURE [THANK AND TERMINATE]
Q10. ¿Usa Chrome, Firefox u otra cosa para navegar por Internet?
1. Chrome
2. Firefox
3. Something else [THANK AND TERMINATE]
8. UNSURE [THANK AND TERMINATE]
Q11. La velocidad de su conexión de Internet de banda ancha donde usaría su computadora o laptop para
participar en la discusión en línea es de...
1. Menos de 10 megabits de subida y descarga (p.ej., solo puede transmitir música de Spotify o Pandora,
enviar/recibir emails, y navegación web básica) [THANK AND TERMINATE]
2. Más de 10 megabits de subida y descarga (p.ej., puede hacer llamadas por Skype y Facetime, jugar
videojuegos en línea, transmitir videos de Netflix)
8. UNSURE: Por favor diríjase a BandWidthPlace.com y presione el botón “start” en la parte de en
medio del círculo naranja para determinar la s velocidades de subida y descarga de su Internet.
Q12. Usted leerá y evaluará materiales en la pantalla de su computadora, también escribirá algu nas notas
en papel. ¿Tiene limitaciones que dificultarían su participación? (IF YES, PROBE TO DETERMINE
WHETHER THE RESPONDENT CAN PARTICIPATE. PARTICIPATION ONLY VIA COMPUTER OR
LAPTOP)
1. Respondent can participate
2. Respondent CANNOT participate [THANK AND TERMINATE]
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 62 of 95
Chula Vista Privacy Spanish FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Thurs, July 21, 2022
4
Q13. Por lo que respecta al género, ¿cómo se identifica? (DO NOT READ)
1. Male
2. Female
3. Non-binary
4. Prefer to self-describe: _________________________
Q14. ¿Cuál es su origen racial o étnico?
1. Blanco o caucásico
2. Afroamericano o negro
3. Hispano o latino [MIN 10]
4. Asiático-americano
5. Nativo americano
6. Multiétnico
8. Otro (SPECIFY AND CODE ABOVE, “EUROPEAN” IS WHITE, IF REFUSED, DO NOT
INVITE)
Q15. ¿En qué año nació? ________________ (ENTER YEAR BORN)
1. 1989-2003 (18-32) [MIN 2/MAX 7 PER GROUP]
2. 1976-1988 (33-46) [MIN 2/MAX 7 PER GROUP]
3. 1964-1975 (47-58)
4. 1950-1963 (59-72)
5. 1949 or earlier (73+) NONE [TERMINATE]
Esas son todas mis preguntas. Lo pondré en espera un momento para asegurar que haya espacio para usted
en el grupo de discusión. Vuelvo enseguida (CHECK QUOTAS)
IF INVITING:
Q16. Nos gustaría que participara en un grupo de discusión de 90 minutos por cámara web el jueves 21 a
las [5:30pm/7:30pm]. Posteriormente recibirá $110 como pago mediante Venmo o una tarjeta de regalo
de Amazon. ¿Se comprometería a participar?
1. Yes – Grp #1 5:30pm, Thursday the 21st
2. Yes – Grp #2 7:30pm, Thursday the 21st
3. No (THANK AND TERMINATE)
Q17. ¿Le gustaría recibir su pago mediante una tarjeta de regalo de Amazon o por Venmo?
1. Amazon gift card
2. Venmo GET THEIR VENMO ID: @___________________&
3. 18. ¿Sería tan amable de compartirme su dirección de email para que pueda enviarle la
confirmación y las instrucciones para la participación? (REPEAT IT BACK LETTER-FOR-LETTER AS
YOU WRITE IT DOWN
EMAIL: ______________________________________________@___________________________
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 63 of 95
Chula Vista Privacy Spanish FG Recruitment Screener FINAL
n=10-12/Group, 90 minutes Rec ID_________ (enter from screen)
Thurs, July 21, 2022
5
Q19. Necesitaremos realizar algunas sencillas revisiones de equipo y de velocidades de Internet
con usted en la computadora o laptop en las que usted participará. Solo tardará unos 5
minutos en completarse y es muy básico. ¿Cuándo sería un buen momento en las próximas
48 horas para volverle a llamar y realizar esta revisión?
Time: _______ AM PM Day: _________ Date: _________
Después de la revisión del equipo, recibirá un enlace para el grupo de discusión en línea con los
detalles de acceso. También recibirá un email de invitación que incluirá instrucciones adicionales
junto con un acuerdo de confidencialidad. Por favor léalo con atención. Si tiene alguna pregunta, por
favor escriba este número y llámenos. (PAUSE FOR RESPONDENT TO GET PEN AND PAPER). Es
el 1-915-329-2102.
¿Podría decirme un número alternativo en el que podamos contactarlo?
(________)____________________.
Muchas gracias. Nuevamente, si no escucha de nosotros dentro de las próximas 48 horas, por favor llámenos
al 1-915-329-2102 y háganoslo saber. Adiós.
IF NOT INVITING: Lo siento. No puedo invitarlo a participar porque los cupos para su perfil se llenaron. L o
llamaremos en el futuro para otro proyecto de investigación. ¡Gracias y que tenga un estupendo día!
IF HOLD: Lo siento, pero todos los cupos para su demografía se llenaron, por lo que no me es posible
invitarlo a participar. Sin embargo, algún participante podría cancelar a último minuto. Si eso llegara a pasar,
¿deberíamos consultar si usted aún está disponible?
IF “OK”: ¡Estupendo! Solo lo contactaremos si alguien cancela. Incluso podría ser en esa misma
tarde. (FILL OUT THE FRONT. GET E-MAIL ADDRESS AND ALTERNATE NUMBER) Gracias, y si
no lo contactamos en esta ocasión, esperamos poder hablar con usted la próxima vez qu e hagamos
una investigación en su área. Adiós.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 64 of 95
APPENDIX
B
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 65 of 95
1
Chula Vista Privacy MODERATOR’S GUIDE
Group 1: non-Very Good Job
FINAL
Objectives: Explore privacy issues and concerns related to Chula Vista government. Develop
suggestions for privacy policies.
Ground Rules :30
1. So I can participate without having to take a lot of notes, this is being recorded, but
it’s all for research purposes and everything tonight will remain 100% confidential.
2. The format is intended for a free flow of discussion, but we only have about 90
minutes, so please excuse me if I get us back on track from time to time.
3. I want everyone to have a chance to speak so please allow others to finish what
they’re saying before adding to the conversation. Let’s all be respectful.
4. The only wrong opinion is the one that’s not expressed. All comments will be helpful;
negative ones are as helpful as positive ones. You’ll get some exercises to do tonight and
this process only works if you cooperate by doing them quickly and conscientiously.
5. Tonight we’re going to talk about some pretty deep topics. I want you to know you’re
in a safe environment. It’s like in pre-covid times when we’d get together in a neighbor’s
living room. So please relax and speak frankly.
Warm-up :35
Let’s begin by quickly introducing ourselves.
I’m your professional moderator, John. I’ll go around my screen and have you introduce
yourselves, tell us how long you’ve lived in Chula Vista and where you get your local
news and information.
SEND DROPS TO TECH
Before we go on, please make sure your cell phones are off. We had a gentleman last night…
I think we’re going have a great group this evening, you’re all well informed…
Issues :40
What do you think are the top issues facing Chula Vista right now, that is, the issues that you
think local officials should be most focused on? START WITH LAST PARTICIPANT IN WARM UP
IF “PRIVACY”: What is it about privacy issues that’s so important? Who else believes privacy is a
very important issue?
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 66 of 95
2
Knowledge :50
Does anyone know of any specific measures or steps the city of Chula Vista has taken to keep
personal information confidential? Just use your raise hand icon at the bottom. Please describe
them for me.
Do you think those policies are working? Why? Why not?
Experiences with Data Breaches :55
Now I want to ask about your experience. Please raise your hand if you’ve experienced a serious
invasion of your privacy in the past five years? FOR THOSE WITH HANDS UP: Please briefly tell us
what you can about that experience?
Has anyone had their data breached? FOR THOSE WITH HANDS UP: Please briefly tell us what
you can about that experience?
Has anyone had their information misused without their consent? FOR THOSE WITH HANDS UP:
Please briefly tell us what you can about that experience?
Evaluations :05
So, when we’re talking about privacy, we’re talking about a few things. The city keeping the
information you submit to it -- like parking tickets, dog licenses and the recreation classes you
may take -- confidential is one part of privacy. By a show of hands, who thinks the city is doing a
good job in that regard? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping the information you submit to it confidential?
What’s the main reason you say that?
Another aspect of privacy is when the city collects data that you’re not giving it voluntarily, such
as when the police use license plate readers to scan for stolen vehicles. By a show of hands, who
thinks the city is doing a good job in that regard? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping that involuntarily collected information
confidential? What’s the main reason you say that?
Another aspect relates to video. There are cameras such as on traffic poles, police drones, or
body worn cameras that take lots of video. By a show of hands, who thinks the city is doing a
good job keeping that data and information confidential? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping that video from cameras confidential? What’s
the main reason you say that?
Does anyone believe that certain groups are singled out more than they should be by the
police? How about certain ethnic groups? Do you think Latinos in Chula Vista are
disproportionately singled out?
Ideation :20
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 67 of 95
3
OK, now I want to go back and see what we can do about these issues.
Let’s take the first one we talked about, keeping the records you give the city confidential.
What do you think should be done to keep that information safe and private?
OPEN SPREADSHEET AND LIST IDEAS
Let’s take the second privacy category we talked about, keeping information private that the city
collects. What rules should there be to keep that information safe and private?
OPEN 2nd WORKSHEET AND LIST IDEAS
Let’s take the third privacy category we talked about, the video that the city collects. What rules
should there be to keep that information safe and private?
OPEN 3rd WORKSHEET AND LIST IDEAS
Examples :35
Here are some examples of what other cities have done with regard to keeping the records you
give the city confidential. SHARE SCREEN
Seattle’s privacy policies detailing what personal information citizens voluntarily give the City
and how it uses that information are on its website. For example, it lets people know that their
cell phone location could be used to help the City monitor traffic conditions.
What do you like about these rules? What do you dislike about them? How would you improve
them?
Here are some examples of what other cities have done with regard to keeping private the
information the city collects. ADVANCE SLIDE
Berkeley bans the City’s use of any facial recognition technology. City leaders point out that
facial recognition systems sometimes incorrectly identify people as criminals and that the
artificial intelligence behind the technology can be biased.
What do you like about these rules? What do you dislike about them? How would you improve
them?
Here are some examples of what other cities have done with regard to keeping video the city
collects private. ADVANCE SLIDE
Oakland has established a Privacy Advisory Board made up of citizens who formally advise the
city about approving any surveillance technology. City departments that want to start using a
new surveillance tool must write a report and present supporting information to a citizens
group, which then makes a recommendation to the City Council.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 68 of 95
4
What do you like about these rules? What do you dislike about them? How would you improve
them? ADVANCE SLIDE
Policy: Data Retention :45
OK, now that you’ve expressed your opinions on privacy issues in Chula Vista and you’ve heard
what other cities have done, I want you to consider some policy ideas for Chula Vista. Here’s the
first one on how long the city should retain your data... ADVANCE SLIDE
Time limits on data retention: This policy would require the City to delete
any personal information after one year. Keeping information only for only
a year and then deleting it would lessen the chance that personal
information could be stolen or used inappropriately. On the other han d,
keeping information longer could provide greater benefits, for example, if a
crime is being investigated or a missing person’s report has been filed after
a year.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, as part of this policy, the City was required to delete any personal information after 6
months? What about 2 months?
Policy: Training :50
Here’s the next policy I want you to consider on training of City staff… ADVANCE SLIDE
Training: This policy would mandate annual privacy training for City staff
who work with technology on how to recognize potential privacy issues
when considering whether to buy a new type of technology or software.
The City’s lawyers would attend legal training to grow their expertise on
recent laws and court rulings on personal privacy, data collection, etc.
There would be a significant additional cost to the city.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, as part of this policy, the cost to the city was more than $5 million per year?
Policy: Equitable Deployment :55
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 69 of 95
5
Here’s the next policy I want you to consider on how Chula Vista would deploy technology…
ADVANCE SLIDE
Equitable deployment of technology: This policy would prohibit the use of
technology in ways that might impact certain neighborhoods or groups. City
staff would be required to find alternatives to a particular technology that
might disproportionately impact women, Black residents, or non-English
speakers, for example. On the other hand, there may be no effective
alternatives to some technologies and, in the rare instances that the
technology is imperfect, the courts will protect the innocent.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, as part of this policy, the city was unable to use facial recognition tools designed to
catch criminals, for example?
Policy: Minimal Data Collection :00
Here’s the next policy I want you to consider on the amount of data Chula Vista would collect…
ADVANCE SLIDE
Minimizing data collection: This policy would require that city staff
minimize the amount of personal information collected. According to this
policy, if it not absolutely necessary for the City to collect a type of personal
information, then that information would not be collected. This policy
would result in less information for the City to use to make decisions, and it
may be impossible to know what personal information is absolutely
necessary for it to do its job.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, because of this policy, the city was unable to identify unforeseen hazards in certain
neighborhoods, for example?
Policy: Anonymizing Data :05
Here’s the next policy I want you to consider on keeping citizen identities secret… ADVANCE
SLIDE
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 70 of 95
6
Anonymizing data: This policy would require city staff to remove personally
identifiable information from data whenever possible. By “de -identifying”
data, this policy would reduce the possibility that data would be stolen or
used inappropriately. On the other hand, there may be a situation in which
knowing who filed a complaint, for example, would help the City address a
problem.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, because of this policy, the city was unable to contact citizens to follow-up on their
concerns, for example?
Community Involvement :10
You guys have done great. The last thing is the city would like to know how to get more Chula
Vistans engaged in city issues or volunteering on boards. What suggestions do you have for the
city?
Thank and dismiss :15
You guys have been great tonight. Thanks for your help and that concludes our session.
Competitive Edge will get you your payment tomorrow. Please remember not to discuss the
proceedings. Goodbye and have a great night.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 71 of 95
1
Chula Vista Privacy MODERATOR’S GUIDE
Group 2: non-Very Bad Job
FINAL
Objectives: Explore privacy issues and concerns related to Chula Vista government. Develop
suggestions for privacy policies.
Ground Rules :30
1. So I can participate without having to take a lot of notes, this is being recorded, but
it’s all for research purposes and everything tonight will remain 100% confidential.
2. The format is intended for a free flow of discussion, but we only have about 90
minutes, so please excuse me if I get us back on track from time to time.
3. I want everyone to have a chance to speak so please allow others to finish what
they’re saying before adding to the conversation. Let’s all be respectful.
4. The only wrong opinion is the one that’s not expressed. All comments will be helpful;
negative ones are as helpful as positive ones. You’ll get some exercises to do tonight and
this process only works if you cooperate by doing them quickly and conscientiously.
5. Tonight we’re going to talk about some pretty deep topics. I want you to know you’re
in a safe environment. It’s like in pre-covid times when we’d get together in a neighbor’s
living room. So please relax and speak frankly.
Warm-up :35
Let’s begin by quickly introducing ourselves.
I’m your professional moderator, John. I’ll go around my screen and have you introduce
yourselves, tell us how long you’ve lived in Chula Vista and where you get your local
news and information.
SEND DROPS TO TECH
Before we go on, please make sure your cell phones are off. We had a gentleman last night…
I think we’re going have a great group this evening, you’re all well informed…
Issues :40
What do you think are the top issues facing Chula Vista right now, that is, the issues that you
think local officials should be most focused on? START WITH LAST PARTICIPANT IN WARM UP
IF “PRIVACY”: What is it about privacy issues that’s so important? Who else believes privacy is a
very important issue?
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 72 of 95
2
Knowledge :50
Does anyone know of any specific measures or steps the city of Chula Vista has taken to keep
personal information confidential? Just use your raise hand icon at the bottom. Please describe
them for me.
Do you think those policies are working? Why? Why not?
Experiences with Data Breaches :55
Now I want to ask about your experience. Please raise your hand if you’ve experienced a serious
invasion of your privacy in the past five years? FOR THOSE WITH HANDS UP: Please briefly tell us
what you can about that experience?
Has anyone had their data breached? FOR THOSE WITH HANDS UP: Please briefly tell us what
you can about that experience?
Has anyone had their information misused without their consent? FOR THOSE WITH HANDS UP:
Please briefly tell us what you can about that experience?
Evaluations :05
So, when we’re talking about privacy, we’re talking about a few things. The city keeping the
information you submit to it, like parking tickets, dog licenses and the classes you may take,
confidential is one part of privacy. By a show of hands, who thinks the city is doing a good job in
that regard? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping the information you submit to it confidential?
What’s the main reason you say that?
Another aspect of privacy is when the city collects data that you’re not giving it voluntarily, such
as when the police use license plate readers to scan for stolen vehicles. By a show of hands, who
thinks the city is doing a good job in that regard? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping that involuntarily collected information
confidential? What’s the main reason you say that?
Another aspect relates to video. There are cameras such as on traffic poles, police drones, or
body worn cameras that take lots of video. By a show of hands, who thinks the city is doing a
good job keeping that data and information confi dential? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping that video from cameras confidential? What’s
the main reason you say that?
Does anyone believe that certain groups are singled out more than they should be by the
police? How about certain ethnic groups? Do you think Latinos in Chula Vista are
disproportionately singled out?
Ideation :20
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 73 of 95
3
OK, now I want to go back and see what we can do about these issues.
Let’s take the first one we talked about, keeping the records you give the city confidential.
What do you think should be done to keep that information safe and private?
OPEN SPREADSHEET AND LIST IDEAS
Let’s take the second privacy category we talked about, keeping information private that the city
collects. What rules should there be to keep that information safe and private?
OPEN 2nd WORKSHEET AND LIST IDEAS
Let’s take the third privacy category we talked about, the video that the city collects. What rules
should there be to keep that information safe and private?
OPEN 3rd WORKSHEET AND LIST IDEAS
Examples :35
Here are some examples of what other cities have done with regard to keeping the records you
give the city confidential. SHARE SCREEN TO SHOW EXAMPLE
Seattle’s privacy policies detailing what personal information citizens voluntarily give to the City
and how it uses that information are on its website. For example, it lets people know that their
cell phone location could be used to help the City monitor traffic conditions.
What do you like about these rules? What do you dislike about them? How would you improve
them?
Here are some examples of what other cities have done with regard to keeping private the
information the city collects. ADVANCE SLIDE
Berkeley bans the City’s use of any facial recognition technology. City leaders point out that
facial recognition systems sometimes incorrectly identify people as criminals and that the
artificial intelligence behind the technology can be biased.
What do you like about these rules? What do you dislike about them? How would you improve
them?
Here are some examples of what other cities have done with regard to keeping video the city
collects private. ADVANCE SLIDE
Oakland has established a Privacy Advisory Board made up of citizens who formally advise the
City about surveillance technology. City departments that want to start using a new surveillance
tool must write a report and present supporting information to the group, which then makes a
recommendation to the City Council.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 74 of 95
4
What do you like about these rules? What do you dislike about them? How would you improve
them? ADVANCE SLIDE
Policy: Audits :45
OK, now that you’ve expressed your opinions on privacy issues in Chula Vista and you’ve heard
what other cities have done, I want you to consider some policy ideas for Chula Vista. Here’s the
first one on auditing City policies... ADVANCE SLIDE
Regular audits: This policy would require the City to retain a privacy
auditing firm to regularly review who has access to data collected by the
City and review what data has been viewed, downloaded, or shared, and by
whom. The goal is to help the City proactively identify whether privacy has
been or might be compromised. There would be a significant additional
cost to the City.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, as part of this policy, the cost to the City was more than $5 million per year?
Policy: Chief Privacy Officer :50
Here’s the next policy I want you to consider on hiring a chief Privacy Officer… ADVANCE SLIDE
Chief Privacy Officer: The City would hire a Chief Privacy Officer (CPO)
responsible for overseeing all City privacy efforts. The CPO would be the in-
house privacy protection expert who gathers community input and ideas on
privacy and technology, stays up-to-date on the latest developments, is a
resource for City staff and helps draft policies for how technology should be
used. The CPO would be appointed by, and answer to, the City Manager,
receive a $170,000 salary and have a staff of two.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you suppo rt it.
Thanks, now use your hand tool to indicate that you oppose it.
Policy: Equitable Deployment :55
Here’s the next policy I want you to consider on how Chula Vista would share data… ADVANCE
SLIDE
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 75 of 95
5
Data sharing: This policy would limit Chula Vista’s ability to share with
outside third parties the personal information the City has collected. This
policy limits the sharing of license plate data with police departments in
other cities. Some crimes in other cities would likely go unsolved.
What are your thoughts on this policy?
Do you really consider your license plate contain personal information?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, because of this policy, the City would be unable to sell the City’s data to generate
revenue?
What if this policy outright banned the City from sharing personal information with outside third
parties?
Policy: Minimal Data Collection :00
Here’s the next policy I want you to consider on how much information the City could collect…
ADVANCE SLIDE
Oversight board: This policy would establish a board of community
volunteers who would review how the city is using technology and advise
on whether privacy protections are, in their view, working. The board
would recommend to the City Council as to whether the use of a
technology is worth the costs and potential privacy risks. Members would
be required to have expertise in technology or privacy issues.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you op pose it.
Policy: Anonymizing Data :05
Here’s the next policy I want you to consider on the City Council’s role… ADVANCE SLIDE
More oversight by City Council: This policy would require the City Council
to review all purchases of technology that collects personal information.
The Council currently only reviews purchases costing hundreds of
thousands of dollars and city employees can make smaller purchases
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 76 of 95
6
without the Council’s pre-approval. The policy would result in the City
Council reviewing relatively small budget items.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, because of this policy, the City Council is slower to act on other important policy issues?
Community Involvement :10
You guys have done great. The last thing is the city would like to know how to get more Chula
Vistans engaged in city issues or volunteering on boards. What suggestions do you have for the
city?
Thank and dismiss :15
You guys have been great tonight. Thanks for your help and that concludes our session.
Competitive Edge will get you your payment tomorrow. Please remember not to discuss the
proceedings. Goodbye and have a great night.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 77 of 95
1
Chula Vista Privacy MODERATOR’S GUIDE
Group 3: Good Job
FINAL
Objectives: Explore privacy issues and concerns related to Chula Vista government. Develop
suggestions for privacy policies.
Ground Rules :30
1. So I can participate without having to take a lot of notes, this is being recorded, but
it’s all for research purposes and everything tonight will remain 100% confidential.
2. The format is intended for a free flow of discussion, but we only have about 90
minutes, so please excuse me if I get us back on track from time to time.
3. I want everyone to have a chance to speak so please allow others to finish what
they’re saying before adding to the conversation. Let’s all be respectful.
4. The only wrong opinion is the one that’s not expressed. All comments will be helpful;
negative ones are as helpful as positive ones. You’ll get some exercises to do tonight and
this process only works if you cooperate by doing them quickly and conscientiously.
5. Tonight we’re going to talk about some pretty deep topics. I want you to know you’re
in a safe environment. It’s like in pre-covid times when we’d get together in a neighbor’s
living room. So please relax and speak frankly.
Warm-up :35
Let’s begin by quickly introducing ourselves.
I’m your professional moderator, John. I’ll go around my screen and have you introduce
yourselves, tell us how long you’ve lived in Chula Vista and where you get your local
news and information.
SEND DROPS TO TECH
Before we go on, please make sure your cell phones are off. We had a gentleman last night…
I think we’re going have a great group this evening, you’re all well informed…
Issues :40
What do you think are the top issues facing Chula Vista right now, that is, the issues that you
think local officials should be most focused on? START WITH LAST PARTICIPANT IN WARM UP
IF “PRIVACY”: What is it about privacy issues that’s so important? Who else believes privacy is a
very important issue?
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 78 of 95
2
Knowledge :50
Does anyone know of any specific measures or steps the city of Chula Vista has taken to keep
personal information confidential? Just use your raise hand icon at the bottom. Please describe
them for me.
Do you think those policies are working? Why? Why not?
Experiences with Data Breaches :55
Now I want to ask about your experience. Please raise your hand if you’ve experienced a serious
invasion of your privacy in the past five years? FOR THOSE WITH HANDS UP: Please briefly tell us
what you can about that experience?
Has anyone had their data breached? FOR THOSE WITH HANDS UP: Please briefly tell us what
you can about that experience?
Has anyone had their information misused without their consent? FOR THOSE WITH HANDS UP:
Please briefly tell us what you can about that experience?
Evaluations :05
So, when we’re talking about privacy, we’re talking about a few things. The city keeping the
information you submit to it -- like parking tickets, dog licenses and the recreation classes you
may take -- confidential is one part of privacy. By a show of hands, who thinks the city is doing a
good job in that regard? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping the information you submit to it confidential?
What’s the main reason you say that?
Another aspect of privacy is when the city collects data that you’re not giving it voluntarily, such
as when the police use license plate readers to scan for stolen vehicles. By a show of hands, who
thinks the city is doing a good job in that regard? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping that involuntarily collected information
confidential? What’s the main reason you say that?
Another aspect relates to video. There are cameras such as on traffic poles, police drones, or
body worn cameras that take lots of video. By a show of hands, who thinks the city is d oing a
good job keeping that data and information confidential? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping that video from cameras confidential? What’s
the main reason you say that?
Does anyone believe that certain groups are singled out more than they should be by the
police? How about certain ethnic groups? Do you think Latinos in Chula Vista are
disproportionately singled out?
Ideation :20
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 79 of 95
3
OK, now I want to go back and see what we can do about these issues.
Let’s take the first one we talked about, keeping the records you give the city confidential.
What do you think should be done to keep that information safe and private?
OPEN SPREADSHEET AND LIST IDEAS
Let’s take the second privacy category we talked about, keeping information private that the city
collects. What rules should there be to keep that information safe and private?
OPEN 2nd WORKSHEET AND LIST IDEAS
Let’s take the third privacy category we talked about, the video that the city collects. What rules
should there be to keep that information safe and private?
OPEN 3rd WORKSHEET AND LIST IDEAS
Examples :35
Here are some examples of what other cities have done with reg ard to keeping the records you
give the city confidential. SHARE SCREEN
Seattle’s privacy policies detailing what personal information citizens voluntarily give the City
and how it uses that information are on its website.
What do you like about these rules? What do you dislike about them? How would you improve
them?
Here are some examples of what other cities have done with regard to keeping private the
information the city collects. ADVANCE SLIDE
Berkeley bans the City’s use of any facial recognition technology. City leaders point out that
facial recognition systems sometimes incorrectly identify people as criminals and that the
artificial intelligence behind the technology can be biased.
What do you like about these rules? What do you dislike about them? How would you improve
them?
Here are some examples of what other cities have done with regard to keeping video the city
collects private. ADVANCE SLIDE
Oakland has established a Privacy Advisory Board made up of citizens who formally advise the
city about approving any surveillance technology. City departments that want to start using a
new surveillance tool must write a report and present supporting information to a citizens
group, which then makes a recommendation to the City Council.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 80 of 95
4
What do you like about these rules? What do you dislike about them? How would you improve
them? ADVANCE SLIDE
Policy: Data Retention :45
OK, now that you’ve expressed your opinions on privacy issues in Chula Vista and you’ve heard
what other cities have done, I want you to consider some policy ideas for Chula Vista. Here’s the
first one on how long the city should retain your data... ADVANCE SLIDE
Time limits on data retention: This policy would require the City to delete
any personal information after one year. Keeping information only for only
a year and then deleting it would lessen the chance that personal
information could be stolen or used inappropriately. On the other hand,
keeping information longer could provide greater benefits, for example, if a
crime is being investigated or a missing person’s report has been filed after
a year.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, as part of this policy, the City was required to delete any personal information after 6
months? What about 2 months?
Policy: Training :50
Here’s the next policy I want you to consider on training of City staff… ADVANCE SLIDE
Training: This policy would mandate annual privacy training for City staff
who work with technology on how to recognize potential privacy issues
when considering whether to buy a new type of technology or software.
The City’s lawyers would attend legal training to grow their expertise on
recent laws and court rulings on personal privacy, data collection, etc.
There would be a significant additional cost to the city.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, as part of this policy, the cost to the city was more than $5 million per year?
Policy: Equitable Deployment :55
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 81 of 95
5
Here’s the next policy I want you to consider on how Chula Vista would deploy technology…
ADVANCE SLIDE
Equitable deployment of technology: This policy would prohibit the use of
technology in ways that might impact certain neighborhoods or groups. City
staff would be required to find alternatives to a particular technology that
might disproportionately impact women, Black residents, or non-English
speakers, for example. On the other hand, there may be no effective
alternatives to some technologies and, in the rare instances that the
technology is imperfect, the courts will protect the innocent.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, as part of this policy, the city was unable to use facial recognition tools designed to
catch criminals, for example?
Policy: Minimal Data Collection :00
Here’s the next policy I want you to consider on the amount of data Chula Vista would collect…
ADVANCE SLIDE
Minimizing data collection: This policy would require that city staff
minimize the amount of personal information collected. According to this
policy, if it not absolutely necessary for the City to collect a type of personal
information, then that information would not be collected. This policy
would result in less information for the City to use to make decisions, and it
may be impossible to know what personal information is absolutely
necessary for it to do its job.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, because of this policy, the city was unable to identify unforeseen hazards in certain
neighborhoods, for example?
Policy: Anonymizing Data :05
Here’s the next policy I want you to consider on keeping citizen identities secret… ADVANCE
SLIDE
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 82 of 95
6
Anonymizing data: This policy would require city staff to remove personally
identifiable information from data whenever possible. By “de -identifying”
data, this policy would reduce the possibility that data would be stolen or
used inappropriately. On the other hand, there may be a situation in which
knowing who filed a complaint, for example, would help the City address a
problem.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, because of this policy, the city was unable to contact citizens to follow-up on their
concerns, for example?
Community Involvement :10
You guys have done great. The last thing is the city would like to know how to get more Chula
Vistans engaged in city issues or volunteering on boards. What suggestions do you have for the
city?
Thank and dismiss :15
You guys have been great tonight. Thanks for your help and that concludes our session.
Competitive Edge will get you your payment tomorrow. Please remember not to discuss the
proceedings. Goodbye and have a great night.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 83 of 95
1
Chula Vista Privacy MODERATOR’S GUIDE
Group 4: Bad Job
FINAL
Objectives: Explore privacy issues and concerns related to Chula Vista government. Develop
suggestions for privacy policies.
Ground Rules :30
1. So I can participate without having to take a lot of notes, this is being recorded, but
it’s all for research purposes and everything tonight will remain 100% confidential.
2. The format is intended for a free flow of discussion, but we only have about 90
minutes, so please excuse me if I get us back on track from time to time.
3. I want everyone to have a chance to speak so please allow others to finish what
they’re saying before adding to the conversation. Let’s all be respectful.
4. The only wrong opinion is the one that’s not expressed. All comments will be helpful;
negative ones are as helpful as positive ones. You’ll get some exercises to do tonight and
this process only works if you cooperate by doing them quickly and conscientiously.
5. Tonight we’re going to talk about some pretty deep topics. I want you to know you’re
in a safe environment. It’s like in pre-covid times when we’d get together in a neighbor’s
living room. So please relax and speak frankly.
Warm-up :35
Let’s begin by quickly introducing ourselves.
I’m your professional moderator, John. I’ll go around my screen and have you introduce
yourselves, tell us how long you’ve lived in Chula Vista and where you get your local
news and information.
SEND DROPS TO TECH
Before we go on, please make sure your cell phones are off. We had a gentleman last night…
I think we’re going have a great group this evening, you’re all well informed…
Issues :40
What do you think are the top issues facing Chula Vista right now, that is, the issues that you
think local officials should be most focused on? START WITH LAST PARTICIPANT IN WARM UP
IF “PRIVACY”: What is it about privacy issues that’s so important? Who else believes privacy is a
very important issue?
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 84 of 95
2
Knowledge :50
Does anyone know of any specific measures or steps the city of Chula Vista has taken to keep
personal information confidential? Just use your raise hand icon at the bottom. Please describe
them for me.
Do you think those policies are working? Why? Why not?
Experiences with Data Breaches :55
Now I want to ask about your experience. Please raise your hand if you’ve experienced a serious
invasion of your privacy in the past five years? FOR THOSE WITH HANDS UP: Please briefly tell us
what you can about that experience?
Has anyone had their data breached? FOR THOSE WITH HANDS UP: Please briefly tell us what
you can about that experience?
Has anyone had their information misused without their consent? FOR THOSE WITH HANDS UP:
Please briefly tell us what you can about that experience?
Evaluations :05
So, when we’re talking about privacy, we’re talking about a few things. The city keeping the
information you submit to it, like parking tickets, dog licenses and the classes you may take,
confidential is one part of privacy. By a show of hands, who thinks the city is doing a good job in
that regard? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping the information you submit to it confidential?
What’s the main reason you say that?
Another aspect of privacy is when the city collects data that you’re not giving it voluntarily, such
as when the police use license plate readers to scan for stolen vehicles. By a show of hands, who
thinks the city is doing a good job in that regard? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping that involuntarily collected information
confidential? What’s the main reason you say that?
Another aspect relates to video. There are cameras such as on traffic poles, police drones, or
body worn cameras that take lots of video. By a show of hands, who thinks the city is doing a
good job keeping that data and information confi dential? What’s the main reason you say that?
And who thinks the city is doing a bad job keeping that video from cameras confidential? What’s
the main reason you say that?
Does anyone believe that certain groups are singled out more than they should be by the
police? How about certain ethnic groups? Do you think Latinos in Chula Vista are
disproportionately singled out?
Ideation :20
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 85 of 95
3
OK, now I want to go back and see what we can do about these issues.
Let’s take the first one we talked about, keeping the records you give the city confidential.
What do you think should be done to keep that information safe and private?
OPEN SPREADSHEET AND LIST IDEAS
Let’s take the second privacy category we talked about, keeping information private that the city
collects. What rules should there be to keep that information safe and private?
OPEN 2nd WORKSHEET AND LIST IDEAS
Let’s take the third privacy category we talked about, the video that the city collects. What rules
should there be to keep that information safe and private?
OPEN 3rd WORKSHEET AND LIST IDEAS
Examples :35
Here are some examples of what other cities have done with regard to keeping the records you
give the city confidential. SHARE SCREEN TO SHOW EXAMPLE
Seattle’s privacy policies detailing what personal information citizens voluntarily give to the City
and how it uses that information are on its website. For example, it lets people know that their
cell phone location could be used to help the City monitor traffic conditions.
What do you like about these rules? What do you dislike about them? How would you improve
them?
Here are some examples of what other cities have done with regard to keeping private the
information the city collects. ADVANCE SLIDE
Berkeley bans the City’s use of any facial recognition technology. City leaders point out that
facial recognition systems sometimes incorrectly identify people as criminals and that the
artificial intelligence behind the technology can be biased.
What do you like about these rules? What do you dislike about them? How would you improve
them?
Here are some examples of what other cities have done with regard to keeping video the city
collects private. ADVANCE SLIDE
Oakland has established a Privacy Advisory Board made up of citizens who formally advise the
City about surveillance technology. City departments that want to start using a new surveillance
tool must write a report and present supporting information to the group, which then makes a
recommendation to the City Council.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 86 of 95
4
What do you like about these rules? What do you dislike about them? How would you improve
them? ADVANCE SLIDE
Policy: Audits :45
OK, now that you’ve expressed your opinions on privacy issues in Chula Vista and you’ve heard
what other cities have done, I want you to consider some policy ideas for Chula Vista. Here’s the
first one on auditing City policies... ADVANCE SLIDE
Regular audits: This policy would require the City to retain a privacy
auditing firm to regularly review who has access to data collected by the
City and review what data has been viewed, downloaded, or shared, and by
whom. The goal is to help the City proactively identify whether privacy has
been or might be compromised. There would be a significant additional
cost to the City.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, as part of this policy, the cost to the City was more than $5 million per year?
Policy: Chief Privacy Officer :50
Here’s the next policy I want you to consider on hiring a chief Privacy Officer… ADVANCE SLIDE
Chief Privacy Officer: The City would hire a Chief Privacy Officer (CPO)
responsible for overseeing all City privacy efforts. The CPO would be the in-
house privacy protection expert who gathers community input and ideas on
privacy and technology, stays up-to-date on the latest developments, is a
resource for City staff and helps draft policies for how technology should be
used. The CPO would be appointed by, and answer to, the City Manager,
receive a $170,000 salary and have a staff of two.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you suppo rt it.
Thanks, now use your hand tool to indicate that you oppose it.
Policy: Data Sharing :55
Here’s the next policy I want you to consider on how Chula Vista would share data… ADVANCE
SLIDE
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 87 of 95
5
Data sharing: This policy would limit Chula Vista’s ability to share with
outside third parties the personal information the City has collected. This
policy limits the sharing of license plate data with police departments in
other cities. Some crimes in other cities would likely go unsolved.
What are your thoughts on this policy?
Do you really consider your license plate contain personal information?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, because of this policy, the City would be unable to sell the City’s data to generate
revenue?
What if this policy outright banned the City from sharing personal information with outside third
parties?
Policy: Oversight :00
Here’s the next policy I want you to consider on how much information the City could collect…
ADVANCE SLIDE
Oversight board: This policy would establish a board of community
volunteers who would review how the city is using technology and advise
on whether privacy protections are, in their view, working. The board
would recommend to the City Council as to whethe r the use of a
technology is worth the costs and potential privacy risks. Members would
be required to have expertise in technology or privacy issues.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
Policy: City Council :05
Here’s the next policy I want you to consider on the City Council’s role… ADVANCE SLIDE
More oversight by City Council: This policy would require the City Council
to review all purchases of technology that collects personal information.
The Council currently only reviews purchases costing hundreds of
thousands of dollars and city employees can make smaller purchases
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 88 of 95
6
without the Council’s pre-approval. The policy would result in the City
Council reviewing relatively small budget items.
What are your thoughts on this policy?
Now that we’ve discussed this policy, use your hand raise tool to indicate that you support it.
Thanks, now use your hand tool to indicate that you oppose it.
What if, because of this policy, the City Council is slower to act on other important policy issues?
Community Involvement :10
You guys have done great. The last thing is the city would like to know how to get more Chula
Vistans engaged in city issues or volunteering on boards. What suggestions do you have for the
city?
Thank and dismiss :15
You guys have been great tonight. Thanks for your help and that concludes our session.
Competitive Edge will get you your payment tomorrow. Please remember not to discuss the
proceedings. Goodbye and have a great night.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 89 of 95
APPENDIX
C
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 90 of 95
Chula Vista Stimuli
So, when we’re talking about privacy, we’re talking about a few things. The city keeping the
information you submit to it, like parking tickets, dog licenses and the classes you may take,
confidential is one part of privacy.
Así que, cuando hablamos de la privacidad, estamos hablando de tres cosas en general: Un
aspecto de la privacidad es que la Ciudad mantenga la confidencialidad de la información que
uno da en forma de multas de estacionamiento, licencias para perros y clas es que uno toma en
un parque de su vecindario.
Another aspect of privacy is when the city collects data that you’re not giving it voluntarily, such
as when the police use license plate readers to scan for stolen vehicles.
Otro aspecto de la privacidad ocurre cuando la Ciudad recopila datos que uno no le da de
manera voluntaria: por ejemplo, cuando la policía utiliza lectores de placas de autos para
identificar vehículos robados.
Another aspect relates to video. There are cameras such as on t raffic poles, police drones, or
body worn cameras that take lots of video.
Otro aspecto está relacionado con los videos. Por ejemplo, las imágenes que captan las
cámaras ubicadas en los postes de tráfico, los drones policiales y las cámaras corporales.
Does anyone believe that certain groups are singled out more than they should be by the
police? How about certain ethnic groups? Do you think Latinos in Chula Vista are
disproportionately singled out?
¿Alguno de ustedes cree que la policía enfoca estas prácticas más de lo debido en ciertos
grupos? Y, ¿creen que se centran en ciertos grupos étnicos más que en otros? ¿Consideran
que enfocan estas prácticas de manera desproporcionada en la comunidad latina de Chula
Vista?
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 91 of 95
Group 5 Examples & Policies
En la ciudad de Seattle, las políticas relacionadas con la privacidad se publican en la página de internet de la ciudad con t odos los
detalles sobre la información que los ciudadanos proporcionan a la Ciudad de manera voluntaria y cómo se utiliza esta información.
En la ciudad de Berkeley, se prohíbe el uso de tecnologías de reconocimiento facial. Los líderes de la Ciudad advierten que los sistemas
de reconocimiento facial a veces se equivocan e identifican erróneamente a personas como delincuentes. Señalan que la inteligencia
artificial que forma la base de dicha tecnología podría estar sujeta a prejuicios.
En la ciudad de Oakland, se ha establecido una Comisión Asesora de Privacidad, comprendida por ciudadanos, que hace recomenda ciones a
la Ciudad sobre las tecnologías de vigilancia. Los departamentos municipales que desean utilizar un equipo nuevo de vigilanc ia tienen que
presentar un informe a este grupo, que – a su vez – hace recomendaciones al Consejo Municipal.
Límites de tiempo para la retención de datos
Bajo esta política, se requeriría que la Ciudad borrara toda información personal después de un año. Guardar información por solo un año
y borrarlo después del año reduciría la posibilidad del robo o mal uso de los datos personales.
Por otra parte, guardar la información durante más tiempo podría proporcionar mayores beneficios, por ejemplo, en caso de la
investigación de un delito o la presentación de una denuncia de una persona perdida después del año.
Capacitación
Esta política exigiría la capacitación anual relativa a la privacidad para todo el personal de la Ciudad que trabaja con sistemas tecnológi cos
sobre cómo reconocer posibles problemas de violación de derechos de privacidad a la hora de considerar la compra de un sistem a o
programa informático nuevo. Los abogados de la Ciudad asistirían a una capacitación legal para ampliar su experiencia y peri cia en materia
de las leyes y decisiones jurídicas más recientes sobre la privacidad, la recolección de datos, etc.
Implicaría costos adicionales considerables para la Ciudad.
Implementación Equitativa de Tecnología
Esta política prohibiría el uso de tecnologías de manera que pudiera afectar a determinados vecindarios o grupos. Por ejempl o, se
obligaría al personal de la Ciudad a buscar alternativas a un sistema tecnológico que pudiera impactar de manera desproporcionada
a mujeres, a residentes afroamericanos o a personas que no hablan inglés.
Por otra parte, es possible que no existan alternativas efectivas para determinadas tecnologías y, en caso de que se trate de una
tecnología imperfecta, la ley protegerá a los inocentes.
Reducción en Recopilación de Datos
Esta política requeriría que el personal que trabaja para la Ciudad redujera la recolección de datos personales. De acuerdo a esta política,
de no ser indispensable, la Ciudad no tendría que recopilar datos personales.
Dicha norma resultaría en menos información a disposición de la Ciudad para que ésta tome decisiones y podría ser imposible s aber cuáles
datos son cruciales para que realicen su labor.
.
Anonimización de Datos
Esta regla exigiría que el personal de la Ciudad quitara información personal identificable de los datos recopilados cuando
sea posible. Al borrar los datos identificables, esta norma reduciría la posi bilidad de robo o uso inapropiado de información
personal.
Por otra parte, puede haber una situación en la que el saber quién presenta una denuncia, por ejemplo, podría ayudar a la
Ciudad a resolver un problema.
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 92 of 95
Group 6 Examples & Policies
En la ciudad de Seattle, las políticas relacionadas con la privacidad se publican en la página de internet de la ciudad con todos los
detalles sobre la información que los ciudadanos proporcionan a la Ciudad de manera voluntaria y cómo se utiliza esta informa ción.
En la ciudad de Berkeley, se prohíbe el uso de tecnologías de reconocimiento facial. Los líderes de la Ciudad advierten que los sistemas de
reconocimiento facial a veces se equivocan e identifican erróneamente a personas como delincuentes. Señalan que la inteligencia artificial
que forma la base de dicha tecnología podría estar sujeta a prejuicios.
Oakland has established a Privacy Advisory Board made up of citizens who formally advise the City about surveillance technolo gy. City
departments that want to start using a new surveillance tool must write a report and present supporting information to the group, which
then makes a recommendation to the City Council.
Auditorías Regulares
Esta norma obligaría a la Ciudad a contratar una empresa de auditoría de privacidad para que esta revisara quién tiene acceso a los
datos recopilados por la Ciudad y evaluara qué datos han sido observados, descargados o compartidos y por parte de quién. El objetivo
es ayudar a la Ciudad a identificar, de manera proactiva, si se ha violado o si se podrían violar los derechos de privacidad.
Esta ley supondría costos adicionales considerables para la Ciudad.
Director de Privacidad
La ciudad contrataría a un Director de Privacidad (CPO, por sus siglas en inglés) que sería responsable de supervisar todos l os esfuerzos
de la Ciudad en materia de privacidad. Dicho director sería el experto interno encargado de proteger los derechos de privacidad;
recopilaría las perspectivas o recomendaciones de los miembros de la comunidad sobre tecnología y privacidad, se mantendría a l día
acerca de los avances más recientes, colaboraría con el personal de la Ciudad y ayudaría a redactar reglas sobre el buen uso de la
tecnología.
Dicho director sería nombrado por y respondería al Jefe de la Administración Municipal, recibiría un sueldo de $170,000 y ten dría dos
asistentes.
Compartimiento de Datos
Este reglamento limitaría la capacidad de Chula Vista de compartir con terceros la información personal que ha recopilado la Ciudad.
Dicha norma limita el compartimiento de datos relacionados con las placas de autos con departamentos de policía en otras ciud ades.
Significaría que no se resolverían algunos delitos cometidos en otras ciudades
Consejo de Supervisión
Bajo esta política, se establecería una Comisión de voluntarios de la comunidad que analizaría el uso de tecnología de la Ciu dad y
presentaría informes, desde su perspectiva, sobre la efectividad de las protecciones de privacidad. Dicha comisión haría recomendaciones
ante el Consejo Municipal sobre los costos, el valor y los posibles riesgos del uso de ciertas tecnologías.
Los miembros tendrían que ser expertos en la materia de tecnología y cuestiones de privacidad.
Más vigilancia por parte del Consejo Municipal
Esta norma obligaría al Consejo Municipal a revisar todas las adquisiciones/compras de los sistemas que recopilan datos perso nales. En la
actualidad, el Consejo sólo revisa las compras de cientos de miles de dólares y los empleados de la Ciudad pueden comprar equipo nuevo
de menor costo sin previa aprobación del Consejo.
Esta regla significaría que el Consejo Municipal revisaría compras que tienen un impacto relativamente menor en el presupuest o. 2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 93 of 95
Technology and Privacy Advisory Task Force
Work Session #2
August 1, 2022
PENDING QUESTIONS:
Based on the conversation during Work Session 1, staff recommends the Task Force work to answer the
following questions during this Work Session:
• Who should the Privacy Officer report to? Possibilities:
o City Attorney, who is elected directly by the people
o City Manager, who is appointed by the City Council
o IT Director, who is appointed by the City Manager
• Who should appoint members of the Privacy Advisory Board? Some possibilities:
o Mayor interviews and recommends individuals for City Council approval
o Each City Councilmember makes their own nominations for City Council approval
o City staff (Privacy Officer?) makes recommendations for City Council approval
• Should members of the Privacy Advisory Board be Chula Vista residents only, or should some
number of non-residents be allowed to serve on the board?
• Which items on the “NOT YET DISCUSSED” list do we have general support for?
• Are there any items on the “NOT YET DISCUSSED” list that should be disposed of?
• Are there new items that should be added to these lists that we have not discussed yet?
OPEN DISCUSSION:
This list includes items that the Task Force has begun discussing but for which the Task Force has not
yet reached a clear consensus.
Privacy Oversight and Transparency
1. Privacy Officer
• Could be part of the duties of the Chief Information Security Officer, but prefer a full-
time Privacy Officer focused exclusively on privacy issues
• Serves as the primary city staff liaison to the Privacy Advisory Board but does not have a
vote on the board
• Reviews technology contracts to ensure privacy issues are addressed
• Performs periodic audits of department technology to ensure compliance with data access
protections
• Provides regular training sessions to City staff on privacy issues
• May have support staff if duties grow beyond the capacity of one employee
2. Privacy Advisory Board
• Membership must include a majority of Chula Vista residents
• Members should include a mix of technology experts, auditing experts, privacy
advocates, legal experts, etc.
• Reviews existing contracts for privacy issues and recommends changes
• Reviews new contracts for potential privacy issues
• Meets at least four times a year
• Independent from the City Manager and City Council to the extent possible under the
City Charter
3. Proactive disclosure of data breaches and related privacy issues
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 94 of 95
NOT YET DISCUSSED:
This list includes suggestions that have been mentioned at some point since April but that have not yet
been discussed by the Task Force.
Procurement
1. Prohibit nondisclosure agreements in vendor contracts except to protect proprietary information
2. Require all contracts with privacy implications to be presented to the City Council, regardless of
dollar amount
3. Require an evaluation of the potential for hardware to be maliciously accessed by a third party as
part of the procurement process
4. Require vendors to give City the capability to audit who has accessed what information
5. Provide additional specialized training to procurement staff and City Attorney staff on
recognizing contractual red flags related to data and privacy
6. Ensure that contracts include a prohibition on the use or sale of personal information outside
except as necessary to provide a service to the City
Data Retention and Minimization
1. Reduce the amount of time data is retained (ALPR, health data)
2. Do not retain data unless absolutely necessary to provide the core service (library example)
3. Anonymize or de-identify data when possible
Information Security
1. Prohibit the use of non-City devices to access City networks unless two-factor authentication is
used
2. Regularly audit who has access to information to ensure access is limited to only those with a
current need to access
Use Policies
1. Create acceptable use policies and retention policies for privacy-impacting technologies that are
consistent across departments, enforceable, auditable, and reviewed/refreshed on a regular basis
to ensure they are still adequate to address evolving uses of the technology.
Privacy Oversight and Transparency
1. Provide proactive disclaimers to let people know when their data is being collected and how it
will be used
UPCOMING WORK SESSIONS
• Monday, August 15: Work Session #3
• Monday, August 30: Work Session #4
• Monday, September 12: Work Session #5
• Monday, September 26: Work Session #6 and Final Review
2022-08-01 Technology & Privacy Advisory Task Force Agenda Page 95 of 95