SF Residents to Vote on Prop. B Data Protection Law

San Francisco voters on Tuesday will consider a ballot measure at the polls to strengthen the city’s data privacy rules and practices, known as a Privacy First Policy.

As part of a Privacy First Policy, the City of San Francisco shall:

– Engage with impacted individuals / communities prior to authorizing or changing the collection, storage, sharing or use of personal information.

– Ensure personal information practices occur pursuant to a lawful and authorized purpose.

– Provide individuals the ability to access and correct personal information.

– Solicit informed consent for the collection, storage, sharing or use of personal information.

– Discourage collection, storage, sharing or use of certain sensitive demographic information unless necessary, such as personal information that may identify an individual’s race, religion, creed, national origin, gender, sexual orientation, age, physical disability, or mental disability.

– Deidentify data sets for research, statistics, or other analytics, as well as implement technical safeguards to prevent reidentification.

– Adopt practices to respond to requests for personal information

– Allow individuals to move and organize throughout the City without being tracked or located without their consent.

– Evaluate or mitigate bias or inaccuracy in the collection, storage, sharing or use of personal information.

– Retain personal information for only as long as necessary.

– Secure personal information against unauthorized or unlawful processing or disclosure; unwanted access, manipulation or misuse; and accidental loss, destruction or damage.

Proposition B would also require the San. Fran. administrator’s office to create an ordinance on the protection of consumer data. The deadline for the proposal would be May 31, 2019. The ordinance, if approved, would establish criteria and rules for the City’s own practices; the practices of third-parties that would enter into a contract, grant or lease with the City of San Francisco; and the practices that shall be considered when the City issues a permit, license or other entitlement that may involve the the collection, storage, sharing or use of Personal Information in connection with it.

The ballot measures defines Personal Information as any information that identifies, relates to, describes or is capable of being associated with a particular individual. It includes, but is not limited to, an individual’s name, signature, social security number, physical characteristics or description, address, geolocation data, IP address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, genetic and biometric data, or health insurance information.

The ballot measure will also require the City Administrator to provide the San Francisco Mayor and the Board of Supervisors with a written report describing the City’s implementation of the Privacy First policy; describe new threats to privacy in the collection, storage, sharing or usage of personal information; and make recommendations as appropriate.

Many California businesses are already facing implementation of the requirements of the California Consumer Privacy Act in 2019 (effective date in 2020). It will be interesting to see what happens with this initiative at the polls tomorrow.

EU GDPR
– GDPR Compliance
– Consent Management Software
– GDPR Data Mapping Software
– DSAR Portal
– GDPR Text

California Consumer Privacy Act
– CCPA Summary
– CCPA vs GDPR
– CCPA Privacy Software
– CCPA Webinar

Other Blog Posts on Privacy Laws:

Chicago Considering Personal Data Collection and Protection Ordinance
Vermont Passes Data Broker Law – First in US!
New Mexico Privacy Bill Copies CCPA
New York Considering Privacy Law – Right to Know Act
New PIPEDA Rules for Data Breach Reporting in Canada