(a) The principles stated in subsection (e) of this Section 16.130 constitute the Privacy First Policy of the City and County of San Francisco (“City”) and are intended to provide guidance to the City when considering the adoption of privacy-protective laws, regulations, policies, and practices for the City; the City’s contractors, lessees, and grantees; third parties receiving permits, licenses, or other entitlements from the City; and persons (including businesses and other entities) within the regulatory authority of the City.
(b) All parts of City government, including but not limited to boards, commissions, departments, other bodies, and officials, are authorized to implement any or all of these principles consistent with other provisions of the Charter, including this Section 16.130, and City law.
(c) Notwithstanding subsection (b), and notwithstanding any other provision of the Charter, the Board of Supervisors shall have authority by ordinance to implement these principles as it deems appropriate. This authority includes imposing requirements that implement any or all of these principles on any or all City boards, commissions, departments, other entities, and officials, and on any or all contractors, lessees, grantees, third parties receiving permits, licenses, or other entitlements, or others, within the jurisdiction of said boards, commissions, departments, other entities, and officials.
(d) For purposes of the Privacy First Policy, “Personal Information” means any information that identifies, relates to, describes, or is capable of being associated with, a particular individual. Personal Information includes, but is not limited to, an individual’s name, signature, social security number, physical characteristics or description, address, geolocation data, IP address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, genetic and biometric data, or health insurance information.
(e) When considering the adoption of privacy-protective laws, regulations, policies, and practices, the City shall:
(1) Engage with and inform individuals and communities likely to be impacted by the collection, storage, sharing, or use of their Personal Information prior to authorizing and prior to any change regarding the collection, storage, sharing, or use of their Personal Information.
(2) Ensure that Personal Information is only collected, stored, shared, or used pursuant to a lawful and authorized purpose.
(3) Allow individuals to access Personal Information about themselves that has been collected, and provide access and tools to correct any inaccurate Personal Information.
(4) Solicit informed consent to the collection, storage, sharing, or use of Personal Information, and provide alternative and equal access to goods and services for those who deny or revoke consent.
(5) Discourage the collection, storage, sharing, or use of Personal Information, including Personal Information that may identify an individual’s race, religion or creed, national origin, gender, sexual orientation, age, physical or mental disability, or other potentially sensitive demographic information, unless necessary to accomplish a lawful and authorized purpose.
(6) De-identify data sets, when collected for research, statistical, or other analytical purposes, thereby removing the ability to connect personal characteristics with specific individuals, and implement technical safeguards to prevent re-identification of information.
(7) Adopt and make public, or cause to be made public, policies and practices for responding to requests or demands for Personal Information from governmental entities.
(8) Allow individuals to move and organize throughout the City without being tracked or located in a manner that subjects them to collection of Personal Information without their consent.
(9) Evaluate and mitigate bias or inaccuracy in the collection, storage, sharing, or use of Personal Information, and anticipate potential bias in secondary uses of and algorithms used in connection with Personal Information.
(10) Retain Personal Information for only as long as necessary to accomplish a lawful and authorized purpose.
(11) Secure Personal Information against unauthorized or unlawful processing or disclosure; unwarranted access, manipulation, or misuse; and accidental loss, destruction, or damage.
(f) In furtherance of the Privacy First Policy, the City Administrator, by May 31, 2019, shall propose for consideration by the Board of Supervisors an ordinance establishing criteria and rules that the City shall adhere to (1) in the City’s own practices for the collection, storage, sharing, and use of Personal Information; (2) when entering into contracts, grants, or leases with third parties that are, or may in the future be, in a position to collect, store, share, or use Personal Information in connection with or generated by the contract, grant, or lease; and (3) when issuing permits, licenses, or other entitlements that involve, or may in the future involve, collection, storage, sharing, or use of Personal Information in connection with or generated by the permit, license, or other entitlement. The proposed ordinance may also address criteria and rules regarding collection, storage, sharing, and use of Personal Information by persons (including businesses and other entities) within the City’s regulatory authority. This subsection (f) shall not be construed to restrict the authority of the Board of Supervisors at any time to adopt an ordinance concerning the subjects that are or could be addressed by the City Administrator in the proposed ordinance.
(g) No less frequently than every three years following the submission under subsection (f) of the City Administrator’s proposed ordinance, the City Administrator shall provide to the Board of Supervisors and the Mayor a written report describing the City’s implementation of the Privacy First Policy; describing new dimensions of collecting, storing, sharing, and using Personal Information that may present a threat to privacy; and making such recommendations as the City Administrator deems appropriate, including but not limited to recommendations to adopt or amend ordinances regarding the collection, storage, sharing, or use of Personal Information.
(h) The principles in subsection (e) underlying the Privacy First Policy are not binding or self-executing but rather are intended as a guide to City boards, commissions, departments, other bodies, and officials, and to the Board of Supervisors, when considering the adoption of privacy-protective laws, regulations, policies, and practices.
(i) The Privacy First Policy may not be implemented in a manner that is inconsistent with voter-approved ordinances regarding privacy, open meetings, or public records. Notwithstanding any other provision of the Charter, the Board of Supervisors is authorized by ordinance to amend voter-approved ordinances regarding privacy, open meetings, or public records, provided that any such amendment is not inconsistent with the purpose or intent of the voter-approved ordinance.
(j) The Privacy First Policy is not intended in any manner to limit the power of the City to protect privacy by adopting laws, regulations, policies, and practices within the City’s power, whether specified or not specified in this Section 16.130.
(k) This Section 16.130 shall not apply to the extent, if any, its application is preempted by federal or state law.
(Added by Proposition B, Approved 11/6/2018)